From a706f612a7bf0930af9a2a8af195cc0ec75970a2 Mon Sep 17 00:00:00 2001 
From: J08nY Date: Wed, 24 Jul 2024 14:04:20 +0200 Subject: Move library formulas from test to main package. --- pyecsca/ec/data/formulas/add-bc-r1rv76-jac | 2 ++ pyecsca/ec/data/formulas/add-bc-r1rv76-jac.op3 | 23 ++++++++++++++++ pyecsca/ec/data/formulas/add-bc-r1rv76-mod | 2 ++ pyecsca/ec/data/formulas/add-bc-r1rv76-mod.op3 | 26 ++++++++++++++++++ pyecsca/ec/data/formulas/add-bearssl-v06 | 2 ++ pyecsca/ec/data/formulas/add-bearssl-v06.op3 | 23 ++++++++++++++++ pyecsca/ec/data/formulas/add-boringssl-p224 | 2 ++ pyecsca/ec/data/formulas/add-boringssl-p224.op3 | 23 ++++++++++++++++ pyecsca/ec/data/formulas/add-gecc-322 | 3 ++ pyecsca/ec/data/formulas/add-gecc-322.op3 | 18 ++++++++++++ pyecsca/ec/data/formulas/add-libgcrypt-v1102 | 4 +++ pyecsca/ec/data/formulas/add-libgcrypt-v1102.op3 | 25 +++++++++++++++++ pyecsca/ec/data/formulas/add-libressl-v382 | 4 +++ pyecsca/ec/data/formulas/add-libressl-v382.op3 | 25 +++++++++++++++++ pyecsca/ec/data/formulas/add-openssl-z256 | 2 ++ pyecsca/ec/data/formulas/add-openssl-z256.op3 | 23 ++++++++++++++++ pyecsca/ec/data/formulas/add-openssl-z256a | 3 ++ pyecsca/ec/data/formulas/add-openssl-z256a.op3 | 18 ++++++++++++ pyecsca/ec/data/formulas/add-sunec-v21 | 3 ++ pyecsca/ec/data/formulas/add-sunec-v21-ed25519 | 2 ++ pyecsca/ec/data/formulas/add-sunec-v21-ed25519.op3 | 19 +++++++++++++ pyecsca/ec/data/formulas/add-sunec-v21.op3 | 32 ++++++++++++++++++++++ pyecsca/ec/data/formulas/dbl-bc-r1rv76-jac | 2 ++ pyecsca/ec/data/formulas/dbl-bc-r1rv76-jac.op3 | 19 +++++++++++++ pyecsca/ec/data/formulas/dbl-bc-r1rv76-mod | 2 ++ pyecsca/ec/data/formulas/dbl-bc-r1rv76-mod.op3 | 18 ++++++++++++ pyecsca/ec/data/formulas/dbl-bc-r1rv76-x25519 | 4 +++ pyecsca/ec/data/formulas/dbl-bc-r1rv76-x25519.op3 | 9 ++++++ pyecsca/ec/data/formulas/dbl-bearssl-v06 | 2 ++ pyecsca/ec/data/formulas/dbl-bearssl-v06.op3 | 20 ++++++++++++++ pyecsca/ec/data/formulas/dbl-boringssl-p224 | 2 ++ pyecsca/ec/data/formulas/dbl-boringssl-p224.op3 | 20 ++++++++++++++ 
pyecsca/ec/data/formulas/dbl-gecc-321 | 4 +++ pyecsca/ec/data/formulas/dbl-gecc-321.op3 | 17 ++++++++++++ pyecsca/ec/data/formulas/dbl-hacl-x25519 | 4 +++ pyecsca/ec/data/formulas/dbl-hacl-x25519.op3 | 9 ++++++ pyecsca/ec/data/formulas/dbl-ipp-x25519 | 4 +++ pyecsca/ec/data/formulas/dbl-ipp-x25519.op3 | 9 ++++++ pyecsca/ec/data/formulas/dbl-libgcrypt-v1102 | 2 ++ pyecsca/ec/data/formulas/dbl-libgcrypt-v1102.op3 | 18 ++++++++++++ pyecsca/ec/data/formulas/dbl-libressl-v382 | 2 ++ pyecsca/ec/data/formulas/dbl-libressl-v382.op3 | 20 ++++++++++++++ pyecsca/ec/data/formulas/dbl-secp256k1-v040 | 2 ++ pyecsca/ec/data/formulas/dbl-secp256k1-v040.op3 | 15 ++++++++++ pyecsca/ec/data/formulas/dbl-sunec-v21 | 2 ++ pyecsca/ec/data/formulas/dbl-sunec-v21-ed25519 | 2 ++ pyecsca/ec/data/formulas/dbl-sunec-v21-ed25519.op3 | 14 ++++++++++ pyecsca/ec/data/formulas/dbl-sunec-v21.op3 | 29 ++++++++++++++++++++ pyecsca/ec/data/formulas/ladd-bc-r1rv76-x25519 | 5 ++++ pyecsca/ec/data/formulas/ladd-bc-r1rv76-x25519.op3 | 18 ++++++++++++ pyecsca/ec/data/formulas/ladd-boringssl-x25519 | 5 ++++ pyecsca/ec/data/formulas/ladd-boringssl-x25519.op3 | 18 ++++++++++++ pyecsca/ec/data/formulas/ladd-botan-x25519 | 4 +++ pyecsca/ec/data/formulas/ladd-botan-x25519.op3 | 18 ++++++++++++ pyecsca/ec/data/formulas/ladd-go-1214 | 5 ++++ pyecsca/ec/data/formulas/ladd-go-1214.op3 | 18 ++++++++++++ pyecsca/ec/data/formulas/ladd-hacl-x25519 | 5 ++++ pyecsca/ec/data/formulas/ladd-hacl-x25519.op3 | 18 ++++++++++++ pyecsca/ec/data/formulas/ladd-openssl-x25519 | 5 ++++ pyecsca/ec/data/formulas/ladd-openssl-x25519.op3 | 18 ++++++++++++ pyecsca/ec/data/formulas/ladd-rfc7748 | 5 ++++ pyecsca/ec/data/formulas/ladd-rfc7748.op3 | 18 ++++++++++++ pyecsca/ec/data/formulas/madd-secp256k1-v040 | 2 ++ pyecsca/ec/data/formulas/madd-secp256k1-v040.op3 | 30 ++++++++++++++++++++ 64 files changed, 727 insertions(+) create mode 100644 pyecsca/ec/data/formulas/add-bc-r1rv76-jac create mode 100644 
pyecsca/ec/data/formulas/add-bc-r1rv76-jac.op3 create mode 100644 pyecsca/ec/data/formulas/add-bc-r1rv76-mod create mode 100644 pyecsca/ec/data/formulas/add-bc-r1rv76-mod.op3 create mode 100644 pyecsca/ec/data/formulas/add-bearssl-v06 create mode 100644 pyecsca/ec/data/formulas/add-bearssl-v06.op3 create mode 100644 pyecsca/ec/data/formulas/add-boringssl-p224 create mode 100644 pyecsca/ec/data/formulas/add-boringssl-p224.op3 create mode 100644 pyecsca/ec/data/formulas/add-gecc-322 create mode 100644 pyecsca/ec/data/formulas/add-gecc-322.op3 create mode 100644 pyecsca/ec/data/formulas/add-libgcrypt-v1102 create mode 100644 pyecsca/ec/data/formulas/add-libgcrypt-v1102.op3 create mode 100644 pyecsca/ec/data/formulas/add-libressl-v382 create mode 100644 pyecsca/ec/data/formulas/add-libressl-v382.op3 create mode 100644 pyecsca/ec/data/formulas/add-openssl-z256 create mode 100644 pyecsca/ec/data/formulas/add-openssl-z256.op3 create mode 100644 pyecsca/ec/data/formulas/add-openssl-z256a create mode 100644 pyecsca/ec/data/formulas/add-openssl-z256a.op3 create mode 100644 pyecsca/ec/data/formulas/add-sunec-v21 create mode 100644 pyecsca/ec/data/formulas/add-sunec-v21-ed25519 create mode 100644 pyecsca/ec/data/formulas/add-sunec-v21-ed25519.op3 create mode 100644 pyecsca/ec/data/formulas/add-sunec-v21.op3 create mode 100644 pyecsca/ec/data/formulas/dbl-bc-r1rv76-jac create mode 100644 pyecsca/ec/data/formulas/dbl-bc-r1rv76-jac.op3 create mode 100644 pyecsca/ec/data/formulas/dbl-bc-r1rv76-mod create mode 100644 pyecsca/ec/data/formulas/dbl-bc-r1rv76-mod.op3 create mode 100644 pyecsca/ec/data/formulas/dbl-bc-r1rv76-x25519 create mode 100644 pyecsca/ec/data/formulas/dbl-bc-r1rv76-x25519.op3 create mode 100644 pyecsca/ec/data/formulas/dbl-bearssl-v06 create mode 100644 pyecsca/ec/data/formulas/dbl-bearssl-v06.op3 create mode 100644 pyecsca/ec/data/formulas/dbl-boringssl-p224 create mode 100644 pyecsca/ec/data/formulas/dbl-boringssl-p224.op3 create mode 100644 
pyecsca/ec/data/formulas/dbl-gecc-321 create mode 100644 pyecsca/ec/data/formulas/dbl-gecc-321.op3 create mode 100644 pyecsca/ec/data/formulas/dbl-hacl-x25519 create mode 100644 pyecsca/ec/data/formulas/dbl-hacl-x25519.op3 create mode 100644 pyecsca/ec/data/formulas/dbl-ipp-x25519 create mode 100644 pyecsca/ec/data/formulas/dbl-ipp-x25519.op3 create mode 100644 pyecsca/ec/data/formulas/dbl-libgcrypt-v1102 create mode 100644 pyecsca/ec/data/formulas/dbl-libgcrypt-v1102.op3 create mode 100644 pyecsca/ec/data/formulas/dbl-libressl-v382 create mode 100644 pyecsca/ec/data/formulas/dbl-libressl-v382.op3 create mode 100644 pyecsca/ec/data/formulas/dbl-secp256k1-v040 create mode 100644 pyecsca/ec/data/formulas/dbl-secp256k1-v040.op3 create mode 100644 pyecsca/ec/data/formulas/dbl-sunec-v21 create mode 100644 pyecsca/ec/data/formulas/dbl-sunec-v21-ed25519 create mode 100644 pyecsca/ec/data/formulas/dbl-sunec-v21-ed25519.op3 create mode 100644 pyecsca/ec/data/formulas/dbl-sunec-v21.op3 create mode 100644 pyecsca/ec/data/formulas/ladd-bc-r1rv76-x25519 create mode 100644 pyecsca/ec/data/formulas/ladd-bc-r1rv76-x25519.op3 create mode 100644 pyecsca/ec/data/formulas/ladd-boringssl-x25519 create mode 100644 pyecsca/ec/data/formulas/ladd-boringssl-x25519.op3 create mode 100644 pyecsca/ec/data/formulas/ladd-botan-x25519 create mode 100644 pyecsca/ec/data/formulas/ladd-botan-x25519.op3 create mode 100644 pyecsca/ec/data/formulas/ladd-go-1214 create mode 100644 pyecsca/ec/data/formulas/ladd-go-1214.op3 create mode 100644 pyecsca/ec/data/formulas/ladd-hacl-x25519 create mode 100644 pyecsca/ec/data/formulas/ladd-hacl-x25519.op3 create mode 100644 pyecsca/ec/data/formulas/ladd-openssl-x25519 create mode 100644 pyecsca/ec/data/formulas/ladd-openssl-x25519.op3 create mode 100644 pyecsca/ec/data/formulas/ladd-rfc7748 create mode 100644 pyecsca/ec/data/formulas/ladd-rfc7748.op3 create mode 100644 pyecsca/ec/data/formulas/madd-secp256k1-v040 create mode 100644 
pyecsca/ec/data/formulas/madd-secp256k1-v040.op3 (limited to 'pyecsca/ec')
diff --git a/pyecsca/ec/data/formulas/add-bc-r1rv76-jac b/pyecsca/ec/data/formulas/add-bc-r1rv76-jac
new file mode 100644
index 0000000..ad7844b
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-bc-r1rv76-jac
@@ -0,0 +1,2 @@
+source BouncyCastle r1rv76 https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/ECPoint.java#L749
+coords jacobian
diff --git a/pyecsca/ec/data/formulas/add-bc-r1rv76-jac.op3 b/pyecsca/ec/data/formulas/add-bc-r1rv76-jac.op3
new file mode 100644
index 0000000..5e7f521
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-bc-r1rv76-jac.op3
@@ -0,0 +1,23 @@
+Z1Squared = Z1^2
+U2 = Z1Squared * X2
+Z1Cubed = Z1Squared * Z1
+S2 = Z1Cubed * Y2
+Z2Squared = Z2^2
+U1 = Z2Squared * X1
+Z2Cubed = Z2Squared * Z2
+S1 = Z2Cubed * Y1
+H = U1 - U2
+R = S1 - S2
+HSquared = H^2
+G = HSquared * H
+V = HSquared * U1
+t0 = 2 * V
+t1 = R^2
+t2 = t1 + G
+X3 = t2 - t0
+t3 = V - X3
+t4 = G * S1
+t5 = t3 * R
+Y3 = t5 - t4
+Z3 = H * Z1
+Z3 = Z3 * Z2
diff --git a/pyecsca/ec/data/formulas/add-bc-r1rv76-mod b/pyecsca/ec/data/formulas/add-bc-r1rv76-mod
new file mode 100644
index 0000000..87158b5
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-bc-r1rv76-mod
@@ -0,0 +1,2 @@
+source BouncyCastle r1rv76 https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/ECPoint.java#L749
+coords modified
diff --git a/pyecsca/ec/data/formulas/add-bc-r1rv76-mod.op3 b/pyecsca/ec/data/formulas/add-bc-r1rv76-mod.op3
new file mode 100644
index 0000000..7adff36
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-bc-r1rv76-mod.op3
@@ -0,0 +1,26 @@
+Z1Squared = Z1^2
+U2 = Z1Squared * X2
+Z1Cubed = Z1Squared * Z1
+S2 = Z1Cubed * Y2
+Z2Squared = Z2^2
+U1 = Z2Squared * X1
+Z2Cubed = Z2Squared * Z2
+S1 = Z2Cubed * Y1
+H = U1 - U2
+R = S1 - S2
+HSquared = H^2
+G = HSquared * H
+V = HSquared * U1
+t0 = 2 * V
+t1 = R^2
+t2 = t1 + G
+X3 = t2 - t0
+t3 = V - X3
+t4 = G * S1
+t5 = t3 * R
+Y3 = t5 - t4
+Z3 = H * Z1
+Z3 = Z3 * Z2
+Z3Squared = Z3^2
+W = Z3Squared^2
+T3 = W * a
diff --git a/pyecsca/ec/data/formulas/add-bearssl-v06 b/pyecsca/ec/data/formulas/add-bearssl-v06
new file mode 100644
index 0000000..b7ac8cd
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-bearssl-v06
@@ -0,0 +1,2 @@
+source BearSSL v0.6 https://bearssl.org/gitweb/?p=BearSSL;a=blob;f=src/ec/ec_prime_i15.c;h=f86dbe6ff0dbc036af470e369048c4ae02d33337;hb=HEAD#l320
+coords jacobian
diff --git a/pyecsca/ec/data/formulas/add-bearssl-v06.op3 b/pyecsca/ec/data/formulas/add-bearssl-v06.op3
new file mode 100644
index 0000000..9b3d3a9
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-bearssl-v06.op3
@@ -0,0 +1,23 @@
+t3 = Z2^2
+t1 = X1 * t3
+t4 = Z2 * t3
+t3 = Y1 * t4
+t4 = Z1^2
+t2 = X2 * t4
+t5 = Z1 * t4
+t4 = Y2 * t5
+t2 = t2 - t1
+t4 = t4 - t3
+t7 = t2^2
+t6 = t1 * t7
+t5 = t7 * t2
+X = t4^2
+X = X - t5
+X = X - t6
+X3 = X - t6
+t6 = t6 - X3
+Y = t4 * t6
+t1 = t5 * t3
+Y3 = Y - t1
+t1 = Z1 * Z2
+Z3 = t1 * t2
diff --git a/pyecsca/ec/data/formulas/add-boringssl-p224 b/pyecsca/ec/data/formulas/add-boringssl-p224
new file mode 100644
index 0000000..f3b8097
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-boringssl-p224
@@ -0,0 +1,2 @@
+source BoringSSL bfa8369 https://github.com/google/boringssl/blob/bfa8369795b7533a222a72b7a1bc928941cd66bf/crypto/fipsmodule/ec/p224-64.c#L676
+coords jacobian-3
diff --git a/pyecsca/ec/data/formulas/add-boringssl-p224.op3 b/pyecsca/ec/data/formulas/add-boringssl-p224.op3
new file mode 100644
index 0000000..bd0f88e
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-boringssl-p224.op3
@@ -0,0 +1,23 @@
+ftmp2 = Z2^2
+ftmp4 = Z2 * ftmp2
+ftmp4 = ftmp4 * Y1
+ftmp2 = ftmp2 * X1
+ftmp = Z1^2
+ftmp3 = Z1 * ftmp
+tmp = ftmp3 * Y2
+ftmp3 = tmp - ftmp4
+tmp = ftmp * X2
+ftmp = tmp - ftmp2
+ftmp5 = Z1 * Z2
+Z3 = ftmp * ftmp5
+_ftmp = ftmp^2
+ftmp5 = ftmp * _ftmp
+ftmp2 = ftmp2 * _ftmp
+tmp = ftmp4 * ftmp5
+tmp2 = ftmp3^2
+tmp2 = tmp2 - ftmp5
+ftmp5 = 2 * ftmp2
+X3 = tmp2 - ftmp5
+ftmp2 = ftmp2 - X3
+tmp2 = ftmp3 * ftmp2
+Y3 = tmp2 - tmp
diff --git a/pyecsca/ec/data/formulas/add-gecc-322 b/pyecsca/ec/data/formulas/add-gecc-322
new file mode 100644
index 0000000..e174e1c
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-gecc-322
@@ -0,0 +1,3 @@
+source GECC Algorithm 3.22
+coords jacobian-3
+assume Z2 = 1
diff --git a/pyecsca/ec/data/formulas/add-gecc-322.op3 b/pyecsca/ec/data/formulas/add-gecc-322.op3
new file mode 100644
index 0000000..731bcda
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-gecc-322.op3
@@ -0,0 +1,18 @@
+T1 = Z1^2
+T2 = T1 * Z1
+T1 = T1 * X2
+T2 = T2 * Y2
+T1 = T1 - X1
+T2 = T2 - Y1
+Z3 = Z1 * T1
+T3 = T1^2
+T4 = T3 * T1
+T3 = T3 * X1
+T1 = 2 * T3
+X3 = T2^2
+X3 = X3 - T1
+X3 = X3 - T4
+T3 = T3 - X3
+T3 = T3 * T2
+T4 = T4 * Y1
+Y3 = T3 - T4
diff --git a/pyecsca/ec/data/formulas/add-libgcrypt-v1102 b/pyecsca/ec/data/formulas/add-libgcrypt-v1102
new file mode 100644
index 0000000..3d542ed
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-libgcrypt-v1102
@@ -0,0 +1,4 @@
+source libgcrypt v1.10.2 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=mpi/ec.c;h=c24921eea8bea8363a503d6d6071b116c176d8e5;hb=1c5cbacf3d88dded5063e959ee68678ff7d0fa56#l1406
+parameter half
+assume half = 1/2
+coords jacobian
diff --git a/pyecsca/ec/data/formulas/add-libgcrypt-v1102.op3 b/pyecsca/ec/data/formulas/add-libgcrypt-v1102.op3
new file mode 100644
index 0000000..d41d7b8
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-libgcrypt-v1102.op3
@@ -0,0 +1,25 @@
+l1 = Z2^2
+l1 = l1 * X1
+l2 = Z1^2
+l2 = l2 * X2
+l3 = l1 - l2
+l4 = Z2^3
+l4 = l4 * Y1
+l5 = Z1^3
+l5 = l5 * Y2
+l6 = l4 - l5
+l7 = l1 + l2
+l8 = l4 + l5
+Z3 = Z1 * Z2
+Z3 = Z3 * l3
+t1 = l6^2
+t2 = l3^2
+t2 = t2 * l7
+X3 = t1 - t2
+t1 = X3 * 2
+l9 = t2 - t1
+l9 = l9 * l6
+t1 = l3^3
+t1 = t1 * l8
+Y3 = l9 - t1
+Y3 = Y3 * half
diff --git a/pyecsca/ec/data/formulas/add-libressl-v382 b/pyecsca/ec/data/formulas/add-libressl-v382
new file mode 100644
index 0000000..b40a190
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-libressl-v382
@@ -0,0 +1,4 @@
+source LibreSSL v3.8.2 https://github.com/libressl/openbsd/blob/libressl-v3.8.2/src/lib/libcrypto/ec/ecp_smpl.c#L472
+coords Jacobian
+parameter half
+assume half = 1 / 2
diff --git a/pyecsca/ec/data/formulas/add-libressl-v382.op3 b/pyecsca/ec/data/formulas/add-libressl-v382.op3
new file mode 100644
index 0000000..0a8aa33
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-libressl-v382.op3
@@ -0,0 +1,25 @@
+n0 = Z2^2
+n1 = X1 * n0
+n0 = n0 * Z2
+n2 = Y1 * n0
+n0 = Z1^2
+n3 = X2 * n0
+n0 = n0 * Z1
+n4 = Y2 * n0
+n5 = n1 - n3
+n6 = n2 - n4
+n7 = n1 + n3
+n8 = n2 + n4
+n0 = Z1 * Z2
+Z3 = n0 * n5
+n0 = n6^2
+n4 = n5^2
+n3 = n4 * n7
+X3 = n0 - n3
+n0 = 2 * X3
+n9 = n3 - n0
+t0 = n6 * n9
+t1 = n4 * n5
+t2 = n8 * t1
+Y3 = t0 - t2
+Y3 = Y3 * half
diff --git a/pyecsca/ec/data/formulas/add-openssl-z256 b/pyecsca/ec/data/formulas/add-openssl-z256
new file mode 100644
index 0000000..84efc9d
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-openssl-z256
@@ -0,0 +1,2 @@
+source OpenSSL 3.1.4 https://github.com/openssl/openssl/blob/openssl-3.1.4/crypto/ec/ecp_nistz256.c#L312
+coords jacobian-3
diff --git a/pyecsca/ec/data/formulas/add-openssl-z256.op3 b/pyecsca/ec/data/formulas/add-openssl-z256.op3
new file mode 100644
index 0000000..3819546
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-openssl-z256.op3
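Review bot: `coords Jacobian` in the add-libressl-v382 metadata is capitalised, while the BouncyCastle, BearSSL and libgcrypt files added in this same commit spell it `coords jacobian`; dbl-libressl-v382, dbl-secp256k1-v040 and madd-secp256k1-v040 carry the same capitalised spelling. If the loader resolves coordinate-system names case-sensitively, these four formulas would fail to bind, or be skipped, once they ship as package data, so I would normalise them to `coords jacobian`. The key order also varies between files (`coords` before or after `parameter`/`assume`), and settling on one order would make the set easier to audit.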
@@ -0,0 +1,23 @@
+Z2sqr = Z2^2
+Z1sqr = Z1^2
+S1 = Z2sqr * Z2
+S2 = Z1sqr * Z1
+S1 = Y1 * S1
+S2 = Y2 * S2
+R = S2 - S1
+U1 = X1 * Z2sqr
+U2 = X2 * Z1sqr
+H = U2 - U1
+Rsqr = R^2
+Z3 = H * Z1
+Hsqr = H^2
+Z3 = Z3 * Z2
+Hcub = Hsqr * H
+U2 = U1 * Hsqr
+Hsqr = 2 * U2
+X3 = Rsqr - Hsqr
+X3 = X3 - Hcub
+Y3 = U2 - X3
+S2 = S1 * Hcub
+Y3 = R * Y3
+Y3 = Y3 - S2
diff --git a/pyecsca/ec/data/formulas/add-openssl-z256a b/pyecsca/ec/data/formulas/add-openssl-z256a
new file mode 100644
index 0000000..71de9d0
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-openssl-z256a
@@ -0,0 +1,3 @@
+source OpenSSL 3.1.4 https://github.com/openssl/openssl/blob/openssl-3.1.4/crypto/ec/ecp_nistz256.c#L442
+coords jacobian-3
+assume Z2 = 1
diff --git a/pyecsca/ec/data/formulas/add-openssl-z256a.op3 b/pyecsca/ec/data/formulas/add-openssl-z256a.op3
new file mode 100644
index 0000000..23f90e6
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-openssl-z256a.op3
@@ -0,0 +1,18 @@
+Z1sqr = Z1^2
+U2 = X2 * Z1sqr
+H = U2 - X1
+S2 = Z1sqr * Z1
+Z3 = H * Z1
+S2 = S2 * Y2
+R = S2 - Y1
+Hsqr = H^2
+Rsqr = R^2
+Hcub = Hsqr * H
+U2 = X1 * Hsqr
+Hsqr = 2 * U2
+X3 = Rsqr - Hsqr
+X3 = X3 - Hcub
+H = U2 - X3
+S2 = Y1 * Hcub
+H = H * R
+Y3 = H - S2
diff --git a/pyecsca/ec/data/formulas/add-sunec-v21 b/pyecsca/ec/data/formulas/add-sunec-v21
new file mode 100644
index 0000000..2d6f395
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-sunec-v21
@@ -0,0 +1,3 @@
+source Java JDK 21 https://github.com/openjdk/jdk/blob/jdk-21-ga/src/jdk.crypto.ec/share/classes/sun/security/ec/ECOperations.java#L287
+coords projective-3
+assume Z2 = 1
diff --git a/pyecsca/ec/data/formulas/add-sunec-v21-ed25519 b/pyecsca/ec/data/formulas/add-sunec-v21-ed25519
new file mode 100644
index 0000000..5814455
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-sunec-v21-ed25519
@@ -0,0 +1,2 @@
+source Java JDK 21 https://github.com/openjdk/jdk/blob/jdk-21-ga/src/jdk.crypto.ec/share/classes/sun/security/ec/ed/Ed25519Operations.java#L147
+coords extended-1
diff --git a/pyecsca/ec/data/formulas/add-sunec-v21-ed25519.op3 b/pyecsca/ec/data/formulas/add-sunec-v21-ed25519.op3
new file mode 100644
index 0000000..2498a1f
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-sunec-v21-ed25519.op3
@@ -0,0 +1,19 @@
+t1 = Y2 - X2
+t2 = Y1 - X1
+t2 = t2 * t1
+t1 = Y2 + X2
+t3 = Y1 + X1
+t3 = t3 * t1
+X = t3 - t2
+t3 = t3 + t2
+t2 = d + d
+t2 = t2 * T1
+t2 = t2 * T2
+t1 = Z1 * Z2
+t1 = t1 * 2
+Y = t1 + t2
+Z = t1 - t2
+T3 = X1 * t3
+X3 = X * Z
+Z3 = Z * Y
+Y3 = Y * t3
diff --git a/pyecsca/ec/data/formulas/add-sunec-v21.op3 b/pyecsca/ec/data/formulas/add-sunec-v21.op3
new file mode 100644
index 0000000..d682b16
--- /dev/null
+++ b/pyecsca/ec/data/formulas/add-sunec-v21.op3
@@ -0,0 +1,32 @@
+t0 = X1 * X2
+t1 = Y1 * Y2
+t3 = X2 + Y2
+t4 = X1 + Y1
+t3 = t3 * t4
+t4 = t0 + t1
+t3 = t3 - t4
+t4 = Y2 * Z1
+t4 = t4 + Y1
+Y = X2 * Z1
+Y = Y + X1
+Z = Z1 * b
+X = Y - Z
+X = X * 3
+Z = t1 - X
+X = X + t1
+Y = Y * b
+t2 = Z1 * 3
+Y = Y - t2
+Y = Y - t0
+Y = Y * 3
+t0 = t0 * 3
+t0 = t0 - t2
+t1 = t4 * Y
+t2 = t0 * Y
+Y = X * Z
+Y3 = Y + t2
+X = X * t3
+X3 = X - t1
+Z = Z * t4
+t3 = t3 * t0
+Z3 = Z + t3
diff --git a/pyecsca/ec/data/formulas/dbl-bc-r1rv76-jac b/pyecsca/ec/data/formulas/dbl-bc-r1rv76-jac
new file mode 100644
index 0000000..8fca349
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-bc-r1rv76-jac
@@ -0,0 +1,2 @@
+source BouncyCastle r1rv76 https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/ECPoint.java#L877
+coords jacobian
diff --git a/pyecsca/ec/data/formulas/dbl-bc-r1rv76-jac.op3 b/pyecsca/ec/data/formulas/dbl-bc-r1rv76-jac.op3
new file mode 100644
index 0000000..c4ebef2
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-bc-r1rv76-jac.op3
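Review bot: In add-sunec-v21-ed25519.op3 the line `T3 = X1 * t3` multiplies by the input coordinate X1, whereas the other three outputs (`X3 = X * Z`, `Z3 = Z * Y`, `Y3 = Y * t3`) are all built from the intermediates computed above it. For the extended result to stay consistent, T3 has to equal X3·Y3/Z3, which with these intermediates is `T3 = X * t3`; as written the T coordinate appears to be wrong whenever X1 differs from `t3 - t2`. This looks like a transcription slip, so please check the line against the cited Ed25519Operations.java before the formula ships in the main package. A test that evaluates each bundled formula on a known point and compares the result with a reference addition would catch this class of error.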
@@ -0,0 +1,19 @@
+Y1Squared = Y1^2
+T = Y1Squared^2
+X1Squared = X1^2
+M = 3 * X1Squared
+Z1Squared = Z1^2
+Z1Pow4 = Z1Squared^2
+t0 = Z1Pow4 * a
+M = M + t0
+t1 = X1 * Y1Squared
+S = 4 * t1
+t2 = 2 * S
+t3 = M^2
+X3 = t3 - t2
+t4 = 8 * T
+t5 = S - X3
+t6 = t5 * M
+Y3 = t6 - t4
+Z3 = 2 * Y1
+Z3 = Z3 * Z1
diff --git a/pyecsca/ec/data/formulas/dbl-bc-r1rv76-mod b/pyecsca/ec/data/formulas/dbl-bc-r1rv76-mod
new file mode 100644
index 0000000..f9b9843
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-bc-r1rv76-mod
@@ -0,0 +1,2 @@
+source BouncyCastle r1rv76 https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/ECPoint.java#L1321
+coords modified
diff --git a/pyecsca/ec/data/formulas/dbl-bc-r1rv76-mod.op3 b/pyecsca/ec/data/formulas/dbl-bc-r1rv76-mod.op3
new file mode 100644
index 0000000..201408e
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-bc-r1rv76-mod.op3
@@ -0,0 +1,18 @@
+X1Squared = X1^2
+t0 = 3 * X1Squared
+M = t0 + T1
+_2Y1 = 2 * Y1
+_2Y1Squared = _2Y1 * Y1
+t1 = X1 * _2Y1Squared
+S = 2 * t1
+t2 = M^2
+t3 = 2 * S
+X3 = t2 - t3
+_4T = _2Y1Squared^2
+_8T = 2 * _4T
+t4 = S - X3
+t5 = M * t4
+Y3 = t5 - _8T
+t6 = _8T * T1
+T3 = 2 * t6
+Z3 = _2Y1 * Z1
diff --git a/pyecsca/ec/data/formulas/dbl-bc-r1rv76-x25519 b/pyecsca/ec/data/formulas/dbl-bc-r1rv76-x25519
new file mode 100644
index 0000000..d5d73fb
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-bc-r1rv76-x25519
@@ -0,0 +1,4 @@
+source BouncyCastle r1rv76 https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/rfc7748/X25519.java#L73
+parameter a24
+assume a24 = (a+2)/4
+coords xz
diff --git a/pyecsca/ec/data/formulas/dbl-bc-r1rv76-x25519.op3 b/pyecsca/ec/data/formulas/dbl-bc-r1rv76-x25519.op3
new file mode 100644
index 0000000..86f2e50
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-bc-r1rv76-x25519.op3
@@ -0,0 +1,9 @@
+pa = X1 + Z1
+pb = X1 - Z1
+pa = pa^2
+pb = pb^2
+X3 = pa * pb
+pa = pa - pb
+Z3 = pa * a24
+Z3 = Z3 + pb
+Z3 = Z3 * pa
diff --git a/pyecsca/ec/data/formulas/dbl-bearssl-v06 b/pyecsca/ec/data/formulas/dbl-bearssl-v06
new file mode 100644
index 0000000..9479888
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-bearssl-v06
@@ -0,0 +1,2 @@
+source BearSSL v0.6 https://bearssl.org/gitweb/?p=BearSSL;a=blob;f=src/ec/ec_prime_i15.c;h=f86dbe6ff0dbc036af470e369048c4ae02d33337;hb=HEAD#l214
+coords jacobian
diff --git a/pyecsca/ec/data/formulas/dbl-bearssl-v06.op3 b/pyecsca/ec/data/formulas/dbl-bearssl-v06.op3
new file mode 100644
index 0000000..c89c340
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-bearssl-v06.op3
@@ -0,0 +1,20 @@
+t1 = Z1^2
+t2 = X1 - t1
+t1 = t1 + X1
+t3 = t1 * t2
+t1 = t3 + t3
+t1 = t1 + t3
+t3 = Y1^2
+t3 = t3 + t3
+t2 = X1 * t3
+t2 = t2 + t2
+X = t1^2
+X = X - t2
+X3 = X - t2
+t4 = Y1 * Z1
+Z3 = t4 + t4
+t2 = t2 - X3
+Y = t1 * t2
+t4 = t3^2
+Y = Y - t4
+Y3 = Y - t4
diff --git a/pyecsca/ec/data/formulas/dbl-boringssl-p224 b/pyecsca/ec/data/formulas/dbl-boringssl-p224
new file mode 100644
index 0000000..db28389
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-boringssl-p224
@@ -0,0 +1,2 @@
+source BoringSSL bfa8369 https://github.com/google/boringssl/blob/bfa8369795b7533a222a72b7a1bc928941cd66bf/crypto/fipsmodule/ec/p224-64.c#L591
+coords jacobian-3
diff --git a/pyecsca/ec/data/formulas/dbl-boringssl-p224.op3 b/pyecsca/ec/data/formulas/dbl-boringssl-p224.op3
new file mode 100644
index 0000000..a0d6fe8
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-boringssl-p224.op3
@@ -0,0 +1,20 @@
+delta = Z1^2
+gamma = Y1^2
+beta = X1 * gamma
+ftmp = X1 - delta
+ftmp2 = X1 + delta
+ftmp2 = 3 * ftmp2
+alpha = ftmp * ftmp2
+tmp = alpha^2
+ftmp = 8 * beta
+X3 = tmp - ftmp
+delta = delta + gamma
+ftmp = Y1 + Z1
+tmp = ftmp^2
+Z3 = tmp - delta
+beta = 4 * beta
+beta = beta - X3
+tmp = alpha * beta
+tmp2 = gamma^2
+tmp2 = 8 * tmp2
+Y3 = tmp - tmp2
diff --git a/pyecsca/ec/data/formulas/dbl-gecc-321 b/pyecsca/ec/data/formulas/dbl-gecc-321
new file mode 100644
index 0000000..33c3b85
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-gecc-321
@@ -0,0 +1,4 @@
+source GECC Algorithm 3.21
+parameter half
+assume half = 1/2
+coords jacobian-3
diff --git a/pyecsca/ec/data/formulas/dbl-gecc-321.op3 b/pyecsca/ec/data/formulas/dbl-gecc-321.op3
new file mode 100644
index 0000000..b9e7697
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-gecc-321.op3
@@ -0,0 +1,17 @@
+T1 = Z1^2
+T2 = X1 - T1
+T1 = X1 + T1
+T2 = T2 * T1
+T2 = 3 * T2
+Y3 = 2 * Y1
+Z3 = Y3 * Z1
+Y3 = Y3^2
+T3 = Y3 * X1
+Y3 = Y3^2
+Y3 = Y3 * half
+X3 = T2^2
+T1 = 2 * T3
+X3 = X3 - T1
+T1 = T3 - X3
+T1 = T1 * T2
+Y3 = T1 - Y3
diff --git a/pyecsca/ec/data/formulas/dbl-hacl-x25519 b/pyecsca/ec/data/formulas/dbl-hacl-x25519
new file mode 100644
index 0000000..b2a1d00
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-hacl-x25519
@@ -0,0 +1,4 @@
+source HACL* https://github.com/hacl-star/hacl-star/blob/v0.3.0/specs/Spec.Curve25519.fst#L80C9-L80C9
+parameter am24
+assume am24 = (a-2)/4
+coords xz
diff --git a/pyecsca/ec/data/formulas/dbl-hacl-x25519.op3 b/pyecsca/ec/data/formulas/dbl-hacl-x25519.op3
new file mode 100644
index 0000000..8b315db
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-hacl-x25519.op3
@@ -0,0 +1,9 @@
+a = X1 + Z1
+b = X1 - Z1
+aa = a^2
+bb = b^2
+e = aa - bb
+e121665 = e * am24
+aa_e121665 = e121665 + aa
+X3 = aa * bb
+Z3 = e * aa_e121665
diff --git a/pyecsca/ec/data/formulas/dbl-ipp-x25519 b/pyecsca/ec/data/formulas/dbl-ipp-x25519
new file mode 100644
index 0000000..9010ee9
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-ipp-x25519
@@ -0,0 +1,4 @@
+source Intel IPP crypto https://github.com/intel/ipp-crypto/blob/ippcp_2021.9.0/sources/ippcp/crypto_mb/src/x25519/ifma_x25519.c#L1689
+parameter a24
+assume a24 = (a+2)/4
+coords xz
diff --git a/pyecsca/ec/data/formulas/dbl-ipp-x25519.op3 b/pyecsca/ec/data/formulas/dbl-ipp-x25519.op3
new file mode 100644
index 0000000..baaeb54
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-ipp-x25519.op3
@@ -0,0 +1,9 @@
+A = X1 + Z1
+B = X1 - Z1
+A = A^2
+B = B^2
+C = A - B
+D = a24 * C
+D = D + B
+X3 = A * B
+Z3 = C * D
diff --git a/pyecsca/ec/data/formulas/dbl-libgcrypt-v1102 b/pyecsca/ec/data/formulas/dbl-libgcrypt-v1102
new file mode 100644
index 0000000..fdb3878
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-libgcrypt-v1102
@@ -0,0 +1,2 @@
+source libgcrypt v1.10.2 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=mpi/ec.c;h=c24921eea8bea8363a503d6d6071b116c176d8e5;hb=1c5cbacf3d88dded5063e959ee68678ff7d0fa56#l1219
+coords jacobian
diff --git a/pyecsca/ec/data/formulas/dbl-libgcrypt-v1102.op3 b/pyecsca/ec/data/formulas/dbl-libgcrypt-v1102.op3
new file mode 100644
index 0000000..3ae81dd
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-libgcrypt-v1102.op3
@@ -0,0 +1,18 @@
+l1 = X1^2
+l1 = l1 * 3
+t1 = Z1^4
+t1 = t1 * a
+l1 = l1 + t1
+Z3 = Y1 * Z1
+Z3 = Z3 * 2
+t2 = Y1^2
+l2 = t2 * X1
+l2 = l2 * 4
+X3 = l1^2
+t1 = l2 * 2
+X3 = X3 - t1
+t2 = t2^2
+l3 = t2 * 8
+Y3 = l2 - X3
+Y3 = Y3 * l1
+Y3 = Y3 - l3
diff --git a/pyecsca/ec/data/formulas/dbl-libressl-v382 b/pyecsca/ec/data/formulas/dbl-libressl-v382
new file mode 100644
index 0000000..1f0c618
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-libressl-v382
@@ -0,0 +1,2 @@
+source LibreSSL v3.8.2 https://github.com/libressl/openbsd/blob/libressl-v3.8.2/src/lib/libcrypto/ec/ecp_smpl.c#L654
+coords Jacobian
diff --git a/pyecsca/ec/data/formulas/dbl-libressl-v382.op3 b/pyecsca/ec/data/formulas/dbl-libressl-v382.op3
new file mode 100644
index 0000000..2bb4541
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-libressl-v382.op3
@@ -0,0 +1,20 @@
+n0 = X1^2
+n1 = n0 * 2
+n0 = n0 + n1
+n1 = Z1^2
+n1 = n1^2
+n1 = a * n1
+n1 = n0 + n1
+n0 = Y1 * Z1
+Z3 = 2 * n0
+n3 = Y1^2
+n2 = X1 * n3
+n2 = 4 * n2
+n0 = 2 * n2
+X3 = n1^2
+X3 = X3 - n0
+n0 = n3^2
+n3 = 8 * n0
+n0 = n2 - X3
+n0 = n1 * n0
+Y3 = n0 - n3
diff --git a/pyecsca/ec/data/formulas/dbl-secp256k1-v040 b/pyecsca/ec/data/formulas/dbl-secp256k1-v040
new file mode 100644
index 0000000..1ed844d
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-secp256k1-v040
@@ -0,0 +1,2 @@
+source libsecp256k1 v0.4.0 https://github.com/bitcoin-core/secp256k1/blob/v0.4.0/src/group_impl.h#L406
+coords Jacobian
diff --git a/pyecsca/ec/data/formulas/dbl-secp256k1-v040.op3 b/pyecsca/ec/data/formulas/dbl-secp256k1-v040.op3
new file mode 100644
index 0000000..18d0c06
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-secp256k1-v040.op3
@@ -0,0 +1,15 @@
+Z3 = Y1*Z1
+S = Y1^2
+L = X1^2
+L = 3*L
+L = L/2
+T = -S
+T = T*X1
+X3 = L^2
+X3 = X3+T
+X3 = X3+T
+S = S^2
+T = T+X3
+Y3 = T*L
+Y3 = Y3+S
+Y3 = -Y3
diff --git a/pyecsca/ec/data/formulas/dbl-sunec-v21 b/pyecsca/ec/data/formulas/dbl-sunec-v21
new file mode 100644
index 0000000..663793a
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-sunec-v21
@@ -0,0 +1,2 @@
+source Java JDK 21 https://github.com/openjdk/jdk/blob/jdk-21-ga/src/jdk.crypto.ec/share/classes/sun/security/ec/ECOperations.java#L220
+coords projective-3
diff --git a/pyecsca/ec/data/formulas/dbl-sunec-v21-ed25519 b/pyecsca/ec/data/formulas/dbl-sunec-v21-ed25519
new file mode 100644
index 0000000..f20095f
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-sunec-v21-ed25519
@@ -0,0 +1,2 @@
+source Java JDK 21 https://github.com/openjdk/jdk/blob/jdk-21-ga/src/jdk.crypto.ec/share/classes/sun/security/ec/ed/Ed25519Operations.java#L184
+coords extended-1
diff --git a/pyecsca/ec/data/formulas/dbl-sunec-v21-ed25519.op3 b/pyecsca/ec/data/formulas/dbl-sunec-v21-ed25519.op3
new file mode 100644
index 0000000..9f25c7e
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-sunec-v21-ed25519.op3
@@ -0,0 +1,14 @@
+t1 = X1 + Y1
+t1 = t1^2
+X = X1^2
+Y = Y1^2
+t2 = X + Y
+Z = Z1^2
+Z = Z * 2
+T = t2 - t1
+t1 = X - Y
+Z = Z + t1
+X3 = T * Z
+Y3 = t1 * t2
+T3 = T * t2
+Z3 = Z * t1
diff --git a/pyecsca/ec/data/formulas/dbl-sunec-v21.op3 b/pyecsca/ec/data/formulas/dbl-sunec-v21.op3
new file mode 100644
index 0000000..7480ec6
--- /dev/null
+++ b/pyecsca/ec/data/formulas/dbl-sunec-v21.op3
@@ -0,0 +1,29 @@
+t0 = X1^2
+t1 = Y1^2
+t2 = Z1^2
+t3 = X1 * Y1
+t4 = Y1 * Z1
+t3 = t3 + t3
+Z = Z1 * X1
+Z = Z * 2
+Y = t2 * b
+Y = Y - Z
+Y = 3 * Y
+X = t1 - Y
+Y = Y + t1
+Y = Y * X
+X = X * t3
+t2 = t2 * 3
+Z = Z * b
+Z = Z - t2
+Z = Z - t0
+Z = Z * 3
+t0 = t0 * 3
+t0 = t0 - t2
+t0 = t0 * Z
+Y3 = Y + t0
+t4 = t4 + t4
+Z = Z * t4
+X3 = X - Z
+Z = t4 * t1
+Z3 = Z * 4
diff --git a/pyecsca/ec/data/formulas/ladd-bc-r1rv76-x25519 b/pyecsca/ec/data/formulas/ladd-bc-r1rv76-x25519
new file mode 100644
index 0000000..01cc06d
--- /dev/null
+++ b/pyecsca/ec/data/formulas/ladd-bc-r1rv76-x25519
@@ -0,0 +1,5 @@
+source BouncyCastle r1rv76 https://github.com/bcgit/bc-java/blob/r1rv76/core/src/main/java/org/bouncycastle/math/ec/rfc7748/X25519.java#L111
+parameter a24
+assume a24 = (a+2)/4
+assume Z1 = 1
+coords xz
diff --git a/pyecsca/ec/data/formulas/ladd-bc-r1rv76-x25519.op3 b/pyecsca/ec/data/formulas/ladd-bc-r1rv76-x25519.op3
new file mode 100644
index 0000000..2859b26
--- /dev/null
+++ b/pyecsca/ec/data/formulas/ladd-bc-r1rv76-x25519.op3
@@ -0,0 +1,18 @@
+t1 = X3 + Z3
+X3 = X3 - Z3
+Z3 = X2 + Z2
+X2 = X2 - Z2
+t1 = t1 * X2
+X3 = X3 * Z3
+Z3 = Z3^2
+X2 = X2^2
+t2 = Z3 - X2
+Z2 = t2 * a24
+Z2 = Z2 + X2
+Z4 = Z2 * t2
+X4 = X2 * Z3
+_X3 = t1 + X3
+Z3 = t1 - X3
+X5 = _X3^2
+Z3 = Z3^2
+Z5 = X1 * Z3
diff --git a/pyecsca/ec/data/formulas/ladd-boringssl-x25519 b/pyecsca/ec/data/formulas/ladd-boringssl-x25519
new file mode 100644
index 0000000..a1ed9a9
--- /dev/null
+++ b/pyecsca/ec/data/formulas/ladd-boringssl-x25519
@@ -0,0 +1,5 @@
+source BoringSSL bfa8369 https://github.com/google/boringssl/blob/bfa8369795b7533a222a72b7a1bc928941cd66bf/crypto/curve25519/curve25519.c#L624
+parameter a24
+assume a24 = (a+2)/4
+assume Z1 = 1
+coords xz
diff --git a/pyecsca/ec/data/formulas/ladd-boringssl-x25519.op3 b/pyecsca/ec/data/formulas/ladd-boringssl-x25519.op3
new file mode 100644
index 0000000..738d213
--- /dev/null
+++ b/pyecsca/ec/data/formulas/ladd-boringssl-x25519.op3
@@ -0,0 +1,18 @@
+tmp0 = X3 - Z3
+tmp1 = X2 - Z2
+X2 = X2 + Z2
+Z2 = X3 + Z3
+Z3 = tmp0 * X2
+Z2 = Z2 * tmp1
+tmp0 = tmp1^2
+tmp1 = X2^2
+X3 = Z3 + Z2
+Z2 = Z3 - Z2
+X4 = tmp1 * tmp0
+tmp1 = tmp1 - tmp0
+Z2 = Z2^2
+Z3 = tmp1 * a24
+X5 = X3^2
+tmp0 = tmp0 + Z3
+Z5 = X1 * Z2
+Z4 = tmp1 * tmp0
diff --git a/pyecsca/ec/data/formulas/ladd-botan-x25519 b/pyecsca/ec/data/formulas/ladd-botan-x25519
new file mode 100644
index 0000000..ae1571d
--- /dev/null
+++ b/pyecsca/ec/data/formulas/ladd-botan-x25519
@@ -0,0 +1,4 @@
+source Botan 3.2.0 https://github.com/randombit/botan/blob/3.2.0/src/lib/pubkey/curve25519/donna.cpp#L299
+coords xz
+parameter am24
+assume am24 = (a-2)/4
diff --git a/pyecsca/ec/data/formulas/ladd-botan-x25519.op3 b/pyecsca/ec/data/formulas/ladd-botan-x25519.op3
new file mode 100644
index 0000000..b375514
--- /dev/null
+++ b/pyecsca/ec/data/formulas/ladd-botan-x25519.op3
@@ -0,0 +1,18 @@
+Z1new = X2 - Z2
+X1new = X2 + Z2
+Z2new = X3 - Z3
+X2new = X3 + Z3
+xxprime = X2new * Z1new
+zzprime = Z2new * X1new
+zzprime_new = xxprime - zzprime
+xxprime_new = xxprime + zzprime
+X5 = xxprime_new^2
+zzzprime = zzprime_new^2
+Z5 = zzzprime * X1
+xx = X1new^2
+zz = Z1new^2
+X4 = xx * zz
+zz = xx - zz
+zzz = zz * am24
+zzz = zzz + xx
+Z4 = zz * zzz
diff --git a/pyecsca/ec/data/formulas/ladd-go-1214 b/pyecsca/ec/data/formulas/ladd-go-1214
new file mode 100644
index 0000000..c6ca9da
--- /dev/null
+++ b/pyecsca/ec/data/formulas/ladd-go-1214
@@ -0,0 +1,5 @@
+source go crypto/ecdh/x25519 https://github.com/golang/go/blob/go1.21.4/src/crypto/ecdh/x25519.go#L86
+parameter a24
+assume a24 = (a+2)/4
+assume Z1 = 1
+coords xz
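Review bot: The ladd-botan-x25519 metadata is missing an `assume Z1 = 1` line: it lists only `coords xz`, `parameter am24` and `assume am24 = (a-2)/4`, yet its .op3 finishes the differential addition with `Z5 = zzzprime * X1`, multiplying by X1 alone just as the other ladder formulas do. The other six ladd-* metadata files in this commit all declare `assume Z1 = 1`, so this looks like an omission rather than a different formula. I would add `assume Z1 = 1` here so that whatever consumes the assumptions treats this formula like its siblings.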
diff --git a/pyecsca/ec/data/formulas/ladd-go-1214.op3 b/pyecsca/ec/data/formulas/ladd-go-1214.op3
new file mode 100644
index 0000000..3bf8e7d
--- /dev/null
+++ b/pyecsca/ec/data/formulas/ladd-go-1214.op3
@@ -0,0 +1,18 @@
+t0 = X3-Z3
+t1 = X2-Z2
+X2 = X2+Z2
+Z2 = X3+Z3
+Z3 = t0*X2
+Z2 = Z2*t1
+t0 = t1^2
+t1 = X2^2
+X3 = Z3+Z2
+Z2 = Z3-Z2
+X4 = t1*t0
+t1 = t1-t0
+Z2 = Z2^2
+Z3 = t1 * a24
+X5 = X3^2
+t0 = t0+Z3
+Z5 = X1*Z2
+Z4 = t1*t0
diff --git a/pyecsca/ec/data/formulas/ladd-hacl-x25519 b/pyecsca/ec/data/formulas/ladd-hacl-x25519
new file mode 100644
index 0000000..ece09fc
--- /dev/null
+++ b/pyecsca/ec/data/formulas/ladd-hacl-x25519
@@ -0,0 +1,5 @@
+source HACL* https://github.com/hacl-star/hacl-star/blob/v0.3.0/specs/Spec.Curve25519.fst#L56
+parameter am24
+assume am24 = (a-2)/4
+assume Z1 = 1
+coords xz
diff --git a/pyecsca/ec/data/formulas/ladd-hacl-x25519.op3 b/pyecsca/ec/data/formulas/ladd-hacl-x25519.op3
new file mode 100644
index 0000000..7893eb9
--- /dev/null
+++ b/pyecsca/ec/data/formulas/ladd-hacl-x25519.op3
@@ -0,0 +1,18 @@
+a = X2 + Z2
+b = X2 - Z2
+c = X3 + Z3
+d = X3 - Z3
+da = d * a
+cb = c * b
+X3 = da + cb
+Z3 = da - cb
+aa = a^2
+bb = b^2
+X5 = X3^2
+Z3 = Z3^2
+e = aa - bb
+e121665 = e * am24
+aa_e121665 = aa + e121665
+X4 = aa * bb
+Z4 = e * aa_e121665
+Z5 = Z3 * X1
diff --git a/pyecsca/ec/data/formulas/ladd-openssl-x25519 b/pyecsca/ec/data/formulas/ladd-openssl-x25519
new file mode 100644
index 0000000..5f94535
--- /dev/null
+++ b/pyecsca/ec/data/formulas/ladd-openssl-x25519
@@ -0,0 +1,5 @@
+source OpenSSL 3.1.4 https://github.com/openssl/openssl/blob/openssl-3.1.4/crypto/ec/curve25519.c#L211
+parameter a24
+assume a24 = (a+2)/4
+assume Z1 = 1
+coords xz
diff --git a/pyecsca/ec/data/formulas/ladd-openssl-x25519.op3 b/pyecsca/ec/data/formulas/ladd-openssl-x25519.op3
new file mode 100644
index 0000000..f781529
--- /dev/null
+++ b/pyecsca/ec/data/formulas/ladd-openssl-x25519.op3
@@ -0,0 +1,18 @@
+tmp0 = X3 - Z3
+tmp1 = X2 - Z2
+X2 = X2 + Z2
+Z2 = X3 + Z3
+Z3 = X2 * tmp0
+Z2 = Z2 * tmp1
+tmp0 = tmp1^2
+tmp1 = X2^2
+X3 = Z3 + Z2
+Z2 = Z3 - Z2
+X4 = tmp1 * tmp0
+tmp1 = tmp1 - tmp0
+Z2 = Z2^2
+Z3 = tmp1 * a24
+X5 = X3^2
+tmp0 = tmp0 + Z3
+Z5 = X1 * Z2
+Z4 = tmp1 * tmp0
diff --git a/pyecsca/ec/data/formulas/ladd-rfc7748 b/pyecsca/ec/data/formulas/ladd-rfc7748
new file mode 100644
index 0000000..18fd36c
--- /dev/null
+++ b/pyecsca/ec/data/formulas/ladd-rfc7748
@@ -0,0 +1,5 @@
+source RFC 7748
+parameter am24
+assume am24 = (a-2)/4
+assume Z1 = 1
+coords xz
diff --git a/pyecsca/ec/data/formulas/ladd-rfc7748.op3 b/pyecsca/ec/data/formulas/ladd-rfc7748.op3
new file mode 100644
index 0000000..8ea3d94
--- /dev/null
+++ b/pyecsca/ec/data/formulas/ladd-rfc7748.op3
@@ -0,0 +1,18 @@
+A = X2 + Z2
+AA = A^2
+B = X2 - Z2
+BB = B^2
+E = AA - BB
+C = X3 + Z3
+D = X3 - Z3
+DA = D * A
+CB = C * B
+DApCB = DA + CB
+X5 = DApCB^2
+DAmCB = DA - CB
+DAmCB2 = DAmCB^2
+Z5 = X1 * DAmCB2
+X4 = AA * BB
+E24 = E * am24
+AAE = AA + E24
+Z4 = E * AAE
diff --git a/pyecsca/ec/data/formulas/madd-secp256k1-v040 b/pyecsca/ec/data/formulas/madd-secp256k1-v040
new file mode 100644
index 0000000..54341ee
--- /dev/null
+++ b/pyecsca/ec/data/formulas/madd-secp256k1-v040
@@ -0,0 +1,2 @@
+source libsecp256k1 v0.4.0 https://github.com/bitcoin-core/secp256k1/blob/v0.4.0/src/group_impl.h#L670
+coords Jacobian
diff --git a/pyecsca/ec/data/formulas/madd-secp256k1-v040.op3 b/pyecsca/ec/data/formulas/madd-secp256k1-v040.op3
new file mode 100644
index 0000000..5b062cd
--- /dev/null
+++ b/pyecsca/ec/data/formulas/madd-secp256k1-v040.op3
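Review bot: The `source RFC 7748` line in the `ladd-rfc7748` metadata hunk has no locator, while every other formula file in this part of the patch pins its source to a tagged URL with a line anchor. These files are meant to be checked against the implementation or text they model, so the reference should be just as precise: `source RFC 7748 Section 5 https://www.rfc-editor.org/rfc/rfc7748#section-5`.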
@@ -0,0 +1,30 @@
+zz = Z1^2
+u1 = X1
+u2 = X2*zz
+s1 = Y1
+s2 = Y2*zz
+s2 = s2*Z1
+t = u1+u2
+m = s1+s2
+rr = t^2
+malt = -u2
+tt = u1*malt
+rr = rr+tt
+rralt = s1*2
+malt = malt+u1
+rralt = rr
+malt = m
+n = malt^2
+q = -t
+q = q*n
+n = n^2
+t = rralt^2
+Z3 = Z1*malt
+t = t+q
+X3 = t
+t = t*2
+t = t+q
+t = t*rralt
+t = t+n
+Y3 = -t
+Y3 = Y3/2
-- cgit v1.2.3-70-g09d2
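Review bot: Two assignments in `madd-secp256k1-v040.op3` are dead: `rralt = s1*2` and `malt = malt+u1` are overwritten by `rralt = rr` and `malt = m` before either value is read. That reads like a conditional select in the referenced group_impl.h flattened to a single outcome (an inference, since the source is not in the hunk), so the formula covers only that path while still performing the other path's arithmetic. Neither the .op3 nor the two-line metadata file says so. Record which branch is modelled, and that the two operations are kept deliberately (for instance to keep the operation sequence faithful to the library), in the metadata file or wherever the format allows a note.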