diff --git a/cubic.go b/cubic.go
index b4def71..0e793b9 100644
--- a/cubic.go
+++ b/cubic.go
@@ -22,6 +22,7 @@ import (
     "github.com/consensys/gnark/frontend/cs/r1cs"
     "github.com/consensys/gnark/backend/groth16"
     _ "gnark-ed25519/edwards_curve"
+    _ "gnark-ed25519/sha512"
 )
 
 // Circuit defines a simple circuit
diff --git a/sha512/ch.go b/sha512/ch.go
new file mode 100644
index 0000000..fbfde20
--- /dev/null
+++ b/sha512/ch.go
@@ -0,0 +1,28 @@
+package sha512
+
+import (
+	"github.com/consensys/gnark/frontend"
+)
+
+func Ch_t512(api frontend.API, a, b, c [] frontend.Variable) ([] frontend.Variable) {
+	n := len(a)
+	if len(a) != n { panic("bad length") }
+	if len(b) != n { panic("bad length") }
+	if len(c) != n { panic("bad length") }
+	out := make([] frontend.Variable, n)
+	for k := 0; k < n; k++ {
+		out[k] = api.Add(api.Mul(a[k], api.Sub(b[k], c[k])), c[k]);
+	}
+	return out
+}
+
+// template Ch_t512(n) {
+//     signal input a[n];
+//     signal input b[n];
+//     signal input c[n];
+//     signal output out[n];
+
+//     for (var k=0; k<n; k++) {
+//         out[k] <== a[k] * (b[k]-c[k]) + c[k];
+//     }
+// }