diff -ruw 240402_AIMer/Additional_Implementation/aarch64/aimer128f/aimer.c 240402_AIMer.patched/Additional_Implementation/aarch64/aimer128f/aimer.c
--- 240402_AIMer/Additional_Implementation/aarch64/aimer128f/aimer.c	2024-04-03 13:11:08.000000000 -0500
+++ 240402_AIMer.patched/Additional_Implementation/aarch64/aimer128f/aimer.c	2024-05-02 09:05:46.909791634 -0500
@@ -9,6 +9,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -335,8 +351,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][0][i_bar],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Additional_Implementation/aarch64/aimer128s/aimer.c 240402_AIMer.patched/Additional_Implementation/aarch64/aimer128s/aimer.c
--- 240402_AIMer/Additional_Implementation/aarch64/aimer128s/aimer.c	2024-04-03 13:11:08.000000000 -0500
+++ 240402_AIMer.patched/Additional_Implementation/aarch64/aimer128s/aimer.c	2024-05-02 09:05:46.909791634 -0500
@@ -9,6 +9,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -335,8 +351,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][0][i_bar],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Additional_Implementation/aarch64/aimer192f/aimer.c 240402_AIMer.patched/Additional_Implementation/aarch64/aimer192f/aimer.c
--- 240402_AIMer/Additional_Implementation/aarch64/aimer192f/aimer.c	2024-04-03 13:11:10.000000000 -0500
+++ 240402_AIMer.patched/Additional_Implementation/aarch64/aimer192f/aimer.c	2024-05-02 09:06:08.222277128 -0500
@@ -9,6 +9,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -336,8 +352,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][0][i_bar],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Additional_Implementation/aarch64/aimer192s/aimer.c 240402_AIMer.patched/Additional_Implementation/aarch64/aimer192s/aimer.c
--- 240402_AIMer/Additional_Implementation/aarch64/aimer192s/aimer.c	2024-04-03 13:11:12.000000000 -0500
+++ 240402_AIMer.patched/Additional_Implementation/aarch64/aimer192s/aimer.c	2024-05-02 09:06:08.222277128 -0500
@@ -9,6 +9,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -336,8 +352,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][0][i_bar],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Additional_Implementation/aarch64/aimer256f/aimer.c 240402_AIMer.patched/Additional_Implementation/aarch64/aimer256f/aimer.c
--- 240402_AIMer/Additional_Implementation/aarch64/aimer256f/aimer.c	2024-04-03 13:11:12.000000000 -0500
+++ 240402_AIMer.patched/Additional_Implementation/aarch64/aimer256f/aimer.c	2024-05-02 09:05:28.921381717 -0500
@@ -9,6 +9,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -356,8 +372,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][0][i_bar],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Additional_Implementation/aarch64/aimer256s/aimer.c 240402_AIMer.patched/Additional_Implementation/aarch64/aimer256s/aimer.c
--- 240402_AIMer/Additional_Implementation/aarch64/aimer256s/aimer.c	2024-04-03 13:11:14.000000000 -0500
+++ 240402_AIMer.patched/Additional_Implementation/aarch64/aimer256s/aimer.c	2024-05-02 09:05:28.921381717 -0500
@@ -9,6 +9,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -356,8 +372,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][0][i_bar],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Additional_Implementation/avx2/aimer128f/aimer.c 240402_AIMer.patched/Additional_Implementation/avx2/aimer128f/aimer.c
--- 240402_AIMer/Additional_Implementation/avx2/aimer128f/aimer.c	2024-04-03 13:11:16.000000000 -0500
+++ 240402_AIMer.patched/Additional_Implementation/avx2/aimer128f/aimer.c	2024-05-02 09:06:26.334689585 -0500
@@ -9,6 +9,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -335,8 +351,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][0][i_bar],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Additional_Implementation/avx2/aimer128s/aimer.c 240402_AIMer.patched/Additional_Implementation/avx2/aimer128s/aimer.c
--- 240402_AIMer/Additional_Implementation/avx2/aimer128s/aimer.c	2024-04-03 13:11:16.000000000 -0500
+++ 240402_AIMer.patched/Additional_Implementation/avx2/aimer128s/aimer.c	2024-05-02 09:06:26.334689585 -0500
@@ -9,6 +9,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -335,8 +351,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][0][i_bar],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Additional_Implementation/avx2/aimer192f/aimer.c 240402_AIMer.patched/Additional_Implementation/avx2/aimer192f/aimer.c
--- 240402_AIMer/Additional_Implementation/avx2/aimer192f/aimer.c	2024-04-03 13:11:18.000000000 -0500
+++ 240402_AIMer.patched/Additional_Implementation/avx2/aimer192f/aimer.c	2024-05-02 09:06:28.214732394 -0500
@@ -9,6 +9,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -337,8 +353,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][0][i_bar],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Additional_Implementation/avx2/aimer192s/aimer.c 240402_AIMer.patched/Additional_Implementation/avx2/aimer192s/aimer.c
--- 240402_AIMer/Additional_Implementation/avx2/aimer192s/aimer.c	2024-04-03 13:11:20.000000000 -0500
+++ 240402_AIMer.patched/Additional_Implementation/avx2/aimer192s/aimer.c	2024-05-02 09:06:28.214732394 -0500
@@ -9,6 +9,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -337,8 +353,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][0][i_bar],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Additional_Implementation/avx2/aimer256f/aimer.c 240402_AIMer.patched/Additional_Implementation/avx2/aimer256f/aimer.c
--- 240402_AIMer/Additional_Implementation/avx2/aimer256f/aimer.c	2024-04-03 13:11:20.000000000 -0500
+++ 240402_AIMer.patched/Additional_Implementation/avx2/aimer256f/aimer.c	2024-05-02 09:06:22.442600963 -0500
@@ -9,6 +9,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -356,8 +372,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][0][i_bar],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Additional_Implementation/avx2/aimer256s/aimer.c 240402_AIMer.patched/Additional_Implementation/avx2/aimer256s/aimer.c
--- 240402_AIMer/Additional_Implementation/avx2/aimer256s/aimer.c	2024-04-03 13:11:22.000000000 -0500
+++ 240402_AIMer.patched/Additional_Implementation/avx2/aimer256s/aimer.c	2024-05-02 09:06:22.442600963 -0500
@@ -9,6 +9,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -356,8 +372,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][0][i_bar],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Optimized_Implementation/aimer128f/aimer.c 240402_AIMer.patched/Optimized_Implementation/aimer128f/aimer.c
--- 240402_AIMer/Optimized_Implementation/aimer128f/aimer.c	2024-04-03 13:11:24.000000000 -0500
+++ 240402_AIMer.patched/Optimized_Implementation/aimer128f/aimer.c	2024-05-02 09:06:33.170845235 -0500
@@ -8,6 +8,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -330,8 +346,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][i_bar][0],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Optimized_Implementation/aimer128s/aimer.c 240402_AIMer.patched/Optimized_Implementation/aimer128s/aimer.c
--- 240402_AIMer/Optimized_Implementation/aimer128s/aimer.c	2024-04-03 13:11:26.000000000 -0500
+++ 240402_AIMer.patched/Optimized_Implementation/aimer128s/aimer.c	2024-05-02 09:06:33.170845235 -0500
@@ -8,6 +8,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -330,8 +346,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][i_bar][0],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Optimized_Implementation/aimer192f/aimer.c 240402_AIMer.patched/Optimized_Implementation/aimer192f/aimer.c
--- 240402_AIMer/Optimized_Implementation/aimer192f/aimer.c	2024-04-03 13:11:26.000000000 -0500
+++ 240402_AIMer.patched/Optimized_Implementation/aimer192f/aimer.c	2024-05-02 09:06:35.230892131 -0500
@@ -8,6 +8,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -332,8 +348,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][i_bar][0],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Optimized_Implementation/aimer192s/aimer.c 240402_AIMer.patched/Optimized_Implementation/aimer192s/aimer.c
--- 240402_AIMer/Optimized_Implementation/aimer192s/aimer.c	2024-04-03 13:11:28.000000000 -0500
+++ 240402_AIMer.patched/Optimized_Implementation/aimer192s/aimer.c	2024-05-02 09:06:35.230892131 -0500
@@ -8,6 +8,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -332,8 +348,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][i_bar][0],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Optimized_Implementation/aimer256f/aimer.c 240402_AIMer.patched/Optimized_Implementation/aimer256f/aimer.c
--- 240402_AIMer/Optimized_Implementation/aimer256f/aimer.c	2024-04-03 13:11:30.000000000 -0500
+++ 240402_AIMer.patched/Optimized_Implementation/aimer256f/aimer.c	2024-05-02 09:06:31.490806982 -0500
@@ -8,6 +8,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -350,8 +366,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][i_bar][0],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Optimized_Implementation/aimer256s/aimer.c 240402_AIMer.patched/Optimized_Implementation/aimer256s/aimer.c
--- 240402_AIMer/Optimized_Implementation/aimer256s/aimer.c	2024-04-03 13:11:30.000000000 -0500
+++ 240402_AIMer.patched/Optimized_Implementation/aimer256s/aimer.c	2024-05-02 09:06:31.490806982 -0500
@@ -8,6 +8,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -350,8 +366,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][i_bar][0],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Reference_Implementation/aimer128f/aimer.c 240402_AIMer.patched/Reference_Implementation/aimer128f/aimer.c
--- 240402_AIMer/Reference_Implementation/aimer128f/aimer.c	2024-04-03 13:11:32.000000000 -0500
+++ 240402_AIMer.patched/Reference_Implementation/aimer128f/aimer.c	2024-05-02 09:06:29.886770463 -0500
@@ -8,6 +8,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -315,8 +331,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][i_bar][0],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Reference_Implementation/aimer128s/aimer.c 240402_AIMer.patched/Reference_Implementation/aimer128s/aimer.c
--- 240402_AIMer/Reference_Implementation/aimer128s/aimer.c	2024-04-03 13:11:32.000000000 -0500
+++ 240402_AIMer.patched/Reference_Implementation/aimer128s/aimer.c	2024-05-02 09:06:29.886770463 -0500
@@ -8,6 +8,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -315,8 +331,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][i_bar][0],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Reference_Implementation/aimer192f/aimer.c 240402_AIMer.patched/Reference_Implementation/aimer192f/aimer.c
--- 240402_AIMer/Reference_Implementation/aimer192f/aimer.c	2024-04-03 13:11:34.000000000 -0500
+++ 240402_AIMer.patched/Reference_Implementation/aimer192f/aimer.c	2024-05-02 09:06:29.886770463 -0500
@@ -8,6 +8,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -315,8 +331,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][i_bar][0],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Reference_Implementation/aimer192s/aimer.c 240402_AIMer.patched/Reference_Implementation/aimer192s/aimer.c
--- 240402_AIMer/Reference_Implementation/aimer192s/aimer.c	2024-04-03 13:11:36.000000000 -0500
+++ 240402_AIMer.patched/Reference_Implementation/aimer192s/aimer.c	2024-05-02 09:06:29.886770463 -0500
@@ -8,6 +8,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -315,8 +331,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][i_bar][0],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Reference_Implementation/aimer256f/aimer.c 240402_AIMer.patched/Reference_Implementation/aimer256f/aimer.c
--- 240402_AIMer/Reference_Implementation/aimer256f/aimer.c	2024-04-03 13:11:36.000000000 -0500
+++ 240402_AIMer.patched/Reference_Implementation/aimer256f/aimer.c	2024-05-02 09:06:29.886770463 -0500
@@ -8,6 +8,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -315,8 +331,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][i_bar][0],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
diff -ruw 240402_AIMer/Reference_Implementation/aimer256s/aimer.c 240402_AIMer.patched/Reference_Implementation/aimer256s/aimer.c
--- 240402_AIMer/Reference_Implementation/aimer256s/aimer.c	2024-04-03 13:11:38.000000000 -0500
+++ 240402_AIMer.patched/Reference_Implementation/aimer256s/aimer.c	2024-05-02 09:06:29.886770463 -0500
@@ -8,6 +8,22 @@
 #include "params.h"
 #include "rng.h"
 #include "tree.h"
+#include "crypto_int64.h"
+
+static void lookup(uint8_t out[AIMER_COMMIT_SIZE],
+                   const uint8_t (*in)[AIMER_COMMIT_SIZE],
+                   crypto_int64 inlen,
+                   crypto_int64 inpos)
+{
+  crypto_int64 i, j;
+  memset(out,0,AIMER_COMMIT_SIZE);
+  for (i = 0;i < inlen;++i) {
+    crypto_int64 mask = crypto_int64_equal_mask(i,inpos);
+    for (j = 0;j < AIMER_COMMIT_SIZE;++j)
+      out[j] |= mask & in[i][j];
+  }
+}
+
 
 #define L   AIM2_NUM_INPUT_SBOX
 #define TAU AIMER_NUM_REPETITIONS
@@ -315,8 +331,7 @@
   {
     size_t i_bar = indices[rep];
     reveal_all_but(nodes[rep], i_bar, sig->proofs[rep].reveal_path);
-    memcpy(sig->proofs[rep].missing_commitment, commits[rep][i_bar],
-           AIMER_COMMIT_SIZE);
+    lookup(sig->proofs[rep].missing_commitment, commits[rep], N, i_bar);
     GF_to_bytes(alpha_v_shares[rep][i_bar][0],
                 sig->proofs[rep].missing_alpha_share_bytes);
   }
