Expose ECP R value for Phase5 flow
diff --git a/examples/example_ecdsa.c b/examples/example_ecdsa.c
index d546ab7..be43f53 100644
--- a/examples/example_ecdsa.c
+++ b/examples/example_ecdsa.c
@@ -297,7 +297,7 @@
     printf("\n");
 
     // Calculate the R signature component
-    rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R);
+    rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R, NULL);
     if (rc)
     {
         fprintf(stderr, "FAILURE MPC_R rc: %d\n", rc);
diff --git a/examples/example_r.c b/examples/example_r.c
index af1e2f1..43b78c5 100644
--- a/examples/example_r.c
+++ b/examples/example_r.c
@@ -479,7 +479,7 @@
     }
 
     // Calculate the R signature component
-    rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R);
+    rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R, NULL);
     if (rc)
     {
         fprintf(stderr, "FAILURE MPC_R rc: %d\n", rc);
diff --git a/include/amcl/factoring_zk.h b/include/amcl/factoring_zk.h
index bb853cd..b8738f3 100644
--- a/include/amcl/factoring_zk.h
+++ b/include/amcl/factoring_zk.h
@@ -35,8 +35,13 @@
 {
 #endif
 
+#ifndef FS_2048
 #define FS_2048 MODBYTES_1024_58 * FFLEN_2048  /**< 2048 field size in bytes */
+#endif
+
+#ifndef HFS_2048
 #define HFS_2048 MODBYTES_1024_58 * HFLEN_2048 /**< Half 2048 field size in bytes */
+#endif
 
 #define FACTORING_ZK_B 16 /**< Security parameter, length in bytes */
 
diff --git a/include/amcl/mpc.h b/include/amcl/mpc.h
index 8818ac7..b5b8e63 100644
--- a/include/amcl/mpc.h
+++ b/include/amcl/mpc.h
@@ -86,7 +86,8 @@
 
 /** \brief R component
  *
- *  Generate the ECDSA signature R component
+ *  Generate the ECDSA signature R component. It also outputs the ECP
+ *  associate to the R component if specified
  *
  *  <ol>
  *  <li> \f$ r_x, r_y = k^{-1}G \f$ where G is the group generator
@@ -97,9 +98,10 @@
  *  @param  GAMMAPT1          Actor 1 gamma point
  *  @param  GAMMAPT2          Actor 2 gamma point
  *  @param  R                 R component of the signature
+ *  @param  RP                ECP associated to the R component of the signature. Optional
  *  @return                   Returns 0 or else error code
  */
-int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R);
+int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R, octet *RP);
 
 /** \brief Hash the message value
  *
diff --git a/python/amcl_mpc.py b/python/amcl_mpc.py
index 18c9156..166446e 100755
--- a/python/amcl_mpc.py
+++ b/python/amcl_mpc.py
@@ -97,7 +97,7 @@
 extern void MPC_MTA_SERVER(csprng *RNG, PAILLIER_public_key *PUB, octet *B, octet *CA, octet *Z, octet *R, octet *CB, octet *BETA);
 extern void MPC_SUM_MTA(octet *A, octet *B, octet *ALPHA, octet *BETA, octet *SUM);
 extern void MPC_INVKGAMMA(octet *KGAMMA1, octet *KGAMMA2, octet *INVKGAMMA);
-extern extern int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R);
+extern extern int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R, octet *RP);
 extern void MPC_HASH(int sha, octet *M, octet *HM);
 extern int MPC_S(octet *HM, octet *R, octet *K, octet *SIGMA, octet *S);
 extern void MPC_SUM_S(octet *S1, octet *S2, octet *S);
@@ -131,7 +131,7 @@
 HFS_2048 = 128
 FS_4096 = 512
 EGS_SECP256K1 = 32
-PTS_SECP256K1 = 2*EGS_SECP256K1 + 1
+EFS_SECP256K1 = 32
 SHA256 = 32
 curve_order = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
 
@@ -317,12 +317,12 @@
     else:
         ecdsa_sk1, ecdsa_sk1_val = make_octet(EGS_SECP256K1)        
 
-    ecdsa_pk1, ecdsa_pk1_val = make_octet(PTS_SECP256K1)                
+    ecdsa_pk1, ecdsa_pk1_val = make_octet(2 * EFS_SECP256K1)                
 
     rc = libamcl_curve_secp256k1.ECP_SECP256K1_KEY_PAIR_GENERATE(rng, ecdsa_sk1, ecdsa_pk1)
 
     ecdsa_sk2 = to_str(ecdsa_sk1)
-    ecdsa_pk2 = to_str(ecdsa_pk1)    
+    ecdsa_pk2 = to_str(ecdsa_pk1)
     
     return rc, ecdsa_pk2, ecdsa_sk2
 
@@ -524,9 +524,9 @@
 
     Returns::
 
-        r: R component of the signature
         rc: Zero for success or else an error code
-
+        r : R component of the signature
+        rp: ECP associated to R component of signature
     Raises:
 
     """
@@ -535,12 +535,14 @@
     gammapt21, gammapt21_val = make_octet(None, gammapt2)    
     
     r1, r1_val = make_octet(EGS_SECP256K1)
+    rp, rp_val = make_octet(EFS_SECP256K1 + 1)
     
-    rc = libamcl_mpc.MPC_R(invkgamma1, gammapt11, gammapt21, r1)
+    rc = libamcl_mpc.MPC_R(invkgamma1, gammapt11, gammapt21, r1, rp)
 
     r2 = to_str(r1)
+    rp_str = to_str(rp)
     
-    return rc, r2
+    return rc, r2, rp_str
 
 def mpc_hash(message):
     """Hash the message value
@@ -677,7 +679,7 @@
     pk11, pk11_val = make_octet(None, pk1)
     pk21, pk21_val = make_octet(None, pk2)    
     
-    pk1, pk1_val = make_octet(PTS_SECP256K1)
+    pk1, pk1_val = make_octet(EFS_SECP256K1 + 1)
 
     rc = libamcl_mpc.MPC_SUM_PK(pk11, pk21, pk1);
 
diff --git a/python/example_ecdsa.py b/python/example_ecdsa.py
index 8156f7d..6c99a72 100755
--- a/python/example_ecdsa.py
+++ b/python/example_ecdsa.py
@@ -84,7 +84,7 @@
 
     # Calculate the R signature component
 
-    rc, SIG_R = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2)
+    rc, SIG_R, _ = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2)
 
 
     # ALPHA1 + BETA2 = K1 * W2    
diff --git a/python/example_r.py b/python/example_r.py
index b438cf0..fbed92e 100755
--- a/python/example_r.py
+++ b/python/example_r.py
@@ -169,7 +169,7 @@
     assert INVKGAMMAGOLDEN_hex == INVKGAMMA_hex, f"expected {INVKGAMMAGOLDEN_hex} got {INVKGAMMA_hex}"      
     # Calculate the R signature component
 
-    rc, SIG_R = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2)
+    rc, SIG_R, _ = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2)
 
     SIG_R_hex = SIG_R.hex()        
     assert SIG_RGOLDEN_hex == SIG_R_hex, f"expected {SIG_RGOLDEN_hex} got {SIG_R_hex}"      
diff --git a/python/test_ecdsa.py b/python/test_ecdsa.py
index 56aea4a..98c85a0 100755
--- a/python/test_ecdsa.py
+++ b/python/test_ecdsa.py
@@ -92,7 +92,7 @@
 
             # Calculate the R signature component
 
-            rc, SIG_R = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2)
+            rc, SIG_R, _ = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2)
            
             # ALPHA1 + BETA2 = K1 * W2    
 
diff --git a/python/test_r.py b/python/test_r.py
index d479f8f..f3175ea 100755
--- a/python/test_r.py
+++ b/python/test_r.py
@@ -78,7 +78,7 @@
 
             # Calculate the R signature component
 
-            rc, sig_r = amcl_mpc.mpc_r(invkgamma, test['GAMMAPT1'], test['GAMMAPT2'])
+            rc, sig_r, _ = amcl_mpc.mpc_r(invkgamma, test['GAMMAPT1'], test['GAMMAPT2'])
             self.assertEqual(vector['SIG_R'], sig_r.hex())
             self.assertEqual(rc, 0)            
             
diff --git a/src/mpc.c b/src/mpc.c
index d8729a9..14eb75e 100644
--- a/src/mpc.c
+++ b/src/mpc.c
@@ -162,32 +162,30 @@
 {
     BIG_256_56 kgamma1;
     BIG_256_56 kgamma2;
-    BIG_256_56 kgamma;
-    BIG_256_56 invkgamma;
     BIG_256_56 q;
 
     // Curve order
     BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
 
     // Load values
-    BIG_256_56_fromBytes(kgamma1, KGAMMA1->val);
-    BIG_256_56_fromBytes(kgamma2, KGAMMA2->val);
+    BIG_256_56_fromBytesLen(kgamma1, KGAMMA1->val, KGAMMA1->len);
+    BIG_256_56_fromBytesLen(kgamma2, KGAMMA2->val, KGAMMA2->len);
 
     // kgamma = kgamma1 + kgamma2 mod q
-    BIG_256_56_add(kgamma, kgamma1, kgamma2);
-    BIG_256_56_mod(kgamma, q);
+    BIG_256_56_add(kgamma1, kgamma1, kgamma2);
+    BIG_256_56_mod(kgamma1, q);
 
     // invkgamma = kgamma^{-1}
-    BIG_256_56_invmodp(invkgamma, kgamma, q);
+    BIG_256_56_invmodp(kgamma1, kgamma1, q);
 
     // Output result
     INVKGAMMA->len = EGS_SECP256K1;
-    BIG_256_56_toBytes(INVKGAMMA->val, invkgamma);
+    BIG_256_56_toBytes(INVKGAMMA->val, kgamma1);
 }
 
 
 /* Calculate the r component of the signature */
-int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R)
+int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R, octet *RP)
 {
     BIG_256_56 invkgamma;
     BIG_256_56 q;
@@ -200,16 +198,16 @@
     BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
 
     // Load values
-    BIG_256_56_fromBytes(invkgamma, INVKGAMMA->val);
+    BIG_256_56_fromBytesLen(invkgamma, INVKGAMMA->val, INVKGAMMA->len);
 
     if (!ECP_SECP256K1_fromOctet(&gammapt1, GAMMAPT1))
     {
-        return 1;
+        return MPC_INVALID_ECP;
     }
 
     if (!ECP_SECP256K1_fromOctet(&gammapt2, GAMMAPT2))
     {
-        return 1;
+        return MPC_INVALID_ECP;
     }
 
     // gammapt1 + gammapt2
@@ -223,14 +221,19 @@
     BIG_256_56_mod(rx, q);
     if (BIG_256_56_iszilch(rx))
     {
-        return 1;
+        return MPC_FAIL;
     }
 
     // Output result
     R->len = EGS_SECP256K1;
     BIG_256_56_toBytes(R->val, rx);
 
-    return 0;
+    if (RP != NULL)
+    {
+        ECP_SECP256K1_toOctet(RP, &gammapt1, true);
+    }
+
+    return MPC_OK;
 }
 
 // Hash the message
@@ -271,14 +274,14 @@
     BIG_256_56_mod(s, q);
     if (BIG_256_56_iszilch(s))
     {
-        return 1;
+        return MPC_FAIL;
     }
 
     // Output result
     S->len = EGS_SECP256K1;
     BIG_256_56_toBytes(S->val, s);
 
-    return 0;
+    return MPC_OK;
 }
 
 /* Calculate sum of s components of signature  */
@@ -314,12 +317,12 @@
     // Load values
     if (!ECP_SECP256K1_fromOctet(&pk1, PK1))
     {
-        return 1;
+        return MPC_INVALID_ECP;
     }
 
     if (!ECP_SECP256K1_fromOctet(&pk2, PK2))
     {
-        return 1;
+        return MPC_INVALID_ECP;
     }
 
     // pk1 + pk2
@@ -328,7 +331,7 @@
     // Output result
     ECP_SECP256K1_toOctet(PK, &pk1, true);
 
-    return 0;
+    return MPC_OK;
 }
 
 int MPC_PHASE5_commit(csprng *RNG, octet *R, octet *S, octet *PHI, octet *RHO, octet *V, octet *A)
diff --git a/src/mta.c b/src/mta.c
index c8fba17..19d6b55 100644
--- a/src/mta.c
+++ b/src/mta.c
@@ -274,27 +274,27 @@
     BIG_256_56 q;
 
     // Curve order
-    BIG_256_56_rcopy(q,CURVE_Order_SECP256K1);
+    BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
 
     // Load values
-    BIG_256_56_fromBytes(a,A->val);
-    BIG_256_56_fromBytes(b,B->val);
-    BIG_256_56_fromBytes(alpha,ALPHA->val);
-    BIG_256_56_fromBytes(beta,BETA->val);
+    BIG_256_56_fromBytesLen(a, A->val, A->len);
+    BIG_256_56_fromBytesLen(b, B->val, B->len);
+    BIG_256_56_fromBytesLen(alpha, ALPHA->val, ALPHA->len);
+    BIG_256_56_fromBytesLen(beta, BETA->val, BETA->len);
 
     // sum = a.b mod q
-    BIG_256_56_modmul(sum,a,b,q);
+    BIG_256_56_modmul(sum, a, b, q);
 
     // sum = sum + alpha  + beta
-    BIG_256_56_add(sum,sum,alpha);
-    BIG_256_56_add(sum,sum,beta);
+    BIG_256_56_add(sum, sum, alpha);
+    BIG_256_56_add(sum, sum, beta);
 
     // sum = sum mod q
-    BIG_256_56_mod(sum,q);
+    BIG_256_56_mod(sum, q);
 
     // Output result
-    SUM->len=EGS_SECP256K1;
-    BIG_256_56_toBytes(SUM->val,sum);
+    SUM->len = EGS_SECP256K1;
+    BIG_256_56_toBytes(SUM->val, sum);
 
     // Clean memory
     BIG_256_56_zero(a);
diff --git a/test/smoke/test_ecdsa_smoke.c b/test/smoke/test_ecdsa_smoke.c
index f1100a7..8e28c2c 100644
--- a/test/smoke/test_ecdsa_smoke.c
+++ b/test/smoke/test_ecdsa_smoke.c
@@ -305,7 +305,7 @@
     printf("\n");
 
     // Calculate the R signature component
-    rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R);
+    rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R, NULL);
     if (rc)
     {
         fprintf(stderr, "FAILURE MPC_R rc: %d\n", rc);
diff --git a/test/smoke/test_r_smoke.c b/test/smoke/test_r_smoke.c
index 6103d41..44407ad 100644
--- a/test/smoke/test_r_smoke.c
+++ b/test/smoke/test_r_smoke.c
@@ -79,9 +79,13 @@
 
 char* INVKGAMMA_hex = "f9419b11580cdc098cbcbfd3ac06e70d2d4827447353f64bd97daa5667b34ef9";
 
-char* GAMMAPT1_hex = "03206b7c7ae7ecf8fe79ac581d8de90b9a12a27f79732268649fb0ae109faade73";
+char* GAMMAPT1_hex = "04206b7c7ae7ecf8fe79ac581d8de90b9a12a27f79732268649fb0ae109faade73385833cafe293b42e33097a79397c77c94a7d12a32304514a890a0c2d747a40d";
 
-char* GAMMAPT2_hex = "03fc86f69384e2b0cc3d563dc24ebb3a7ca0ac12dfa671e4cda4abdec35f33ed32";
+char* GAMMAPT2_hex = "04fc86f69384e2b0cc3d563dc24ebb3a7ca0ac12dfa671e4cda4abdec35f33ed326fdc2404c8e236d5bea82bcbe4aeeb7545c8b5d0a19a39e00bacf8a7143800a9";
+
+char* SUMGAMMAPT_hex = "04b46da316359aead5e06c983407b199465bad193dc661334aafb1d7d94bafe721e671defdf3eedef2b6f298f7cdc673a740e88dbb313f2afdb294ee6527e325c1";
+
+char* RPT_hex = "048adf50a4f51443cac2b4d488092ab49925da09e3feb57a1fc03b5b917ca6de9fdefc78277d8cb4865e3e4b17c2821017316d9b21e648e733a207aee22ec91b3c";
 
 char* SIG_R_hex = "8adf50a4f51443cac2b4d488092ab49925da09e3feb57a1fc03b5b917ca6de9f";
 
@@ -203,10 +207,10 @@
     char invkgammagolden[EGS_SECP256K1];
     octet INVKGAMMAGOLDEN = {0,sizeof(invkgammagolden),invkgammagolden};
 
-    char gammapt1[EFS_SECP256K1+1];
+    char gammapt1[2*EFS_SECP256K1+1];
     octet GAMMAPT1 = {0,sizeof(gammapt1),gammapt1};
 
-    char gammapt2[EFS_SECP256K1+1];
+    char gammapt2[2*EFS_SECP256K1+1];
     octet GAMMAPT2 = {0,sizeof(gammapt2),gammapt2};
 
     char sig_rgolden[EGS_SECP256K1];
@@ -477,15 +481,13 @@
     }
 
     // Calculate the R signature component
-    rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R);
+    rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R, NULL);
     if (rc)
     {
         fprintf(stderr, "FAILURE MPC_R rc: %d\n", rc);
         exit(EXIT_FAILURE);
     }
 
-    printf("%d", rc);
-
     printf("SIG_R: ");
     OCT_output(&SIG_R);
     printf("\n");
diff --git a/test/unit/test_r.c b/test/unit/test_r.c
index 03129bf..3a1b54f 100644
--- a/test/unit/test_r.c
+++ b/test/unit/test_r.c
@@ -229,7 +229,7 @@
             MPC_INVKGAMMA(&SUM1, &SUM2, &INVKGAMMA);
 
             // Calculate the R signature component
-            rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R);
+            rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R, NULL);
 
             sprintf(err_msg, "MPC_R rc: %d", rc);
             assert_tv(fp, testNo, err_msg, rc == 0);