diff --git a/Makefile.am b/Makefile.am
index 8723b53b2c..07207df29e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -284,3 +284,7 @@ endif
 if ENABLE_MODULE_ELLSWIFT
 include src/modules/ellswift/Makefile.am.include
 endif
+
+if ENABLE_MODULE_BATCH
+include src/modules/batch/Makefile.am.include
+endif
diff --git a/README.md b/README.md
index ed93e0519e..a3c8c998c6 100644
--- a/README.md
+++ b/README.md
@@ -21,6 +21,7 @@ Features:
 * Optional module for ECDH key exchange.
 * Optional module for Schnorr signatures according to [BIP-340](https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki).
 * Optional module for ElligatorSwift key exchange according to [BIP-324](https://github.com/bitcoin/bips/blob/master/bip-0324.mediawiki).
+* Optional module for Batch Verification (experimental).
 
 Implementation details
 ----------------------
diff --git a/batch_example b/batch_example
new file mode 100755
index 0000000000..ebe74a623e
Binary files /dev/null and b/batch_example differ
diff --git a/configure.ac b/configure.ac
index 6c4c11ddcd..37371a6ea8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -188,6 +188,10 @@ AC_ARG_ENABLE(module_ellswift,
     AS_HELP_STRING([--enable-module-ellswift],[enable ElligatorSwift module [default=yes]]), [],
     [SECP_SET_DEFAULT([enable_module_ellswift], [yes], [yes])])
 
+AC_ARG_ENABLE(module_batch,
+    AS_HELP_STRING([--enable-module-batch],[enable batch verification module (experimental) [default=no]]), [],
+    [SECP_SET_DEFAULT([enable_module_batch], [no], [yes])])
+
 AC_ARG_ENABLE(external_default_callbacks,
     AS_HELP_STRING([--enable-external-default-callbacks],[enable external default callback functions [default=no]]), [],
     [SECP_SET_DEFAULT([enable_external_default_callbacks], [no], [no])])
@@ -418,6 +422,10 @@ if test x"$enable_module_ecdh" = x"yes"; then
   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_ECDH=1"
 fi
 
+if test x"$enable_module_batch" = x"yes"; then
+  AC_DEFINE(ENABLE_MODULE_BATCH, 1, [Define this symbol to enable the batch verification module])
+fi
+
 if test x"$enable_external_default_callbacks" = x"yes"; then
   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_EXTERNAL_DEFAULT_CALLBACKS=1"
 fi
@@ -426,10 +434,19 @@ fi
 ### Check for --enable-experimental if necessary
 ###
 
-if test x"$enable_experimental" = x"no"; then
+if test x"$enable_experimental" = x"yes"; then
+  AC_MSG_NOTICE([******])
+  AC_MSG_NOTICE([WARNING: experimental build])
+  AC_MSG_NOTICE([Experimental features do not have stable APIs or properties, and may not be safe for production use.])
+  AC_MSG_NOTICE([Building batch verification module: $enable_module_batch])
+  AC_MSG_NOTICE([******])
+else
   if test x"$set_asm" = x"arm32"; then
     AC_MSG_ERROR([ARM32 assembly is experimental. Use --enable-experimental to allow.])
   fi
+  if test x"$enable_module_batch" = x"yes"; then
+    AC_MSG_ERROR([batch verification module is experimental. Use --enable-experimental to allow.])
+  fi
 fi
 
 ###
@@ -450,6 +467,7 @@ AM_CONDITIONAL([ENABLE_MODULE_RECOVERY], [test x"$enable_module_recovery" = x"ye
 AM_CONDITIONAL([ENABLE_MODULE_EXTRAKEYS], [test x"$enable_module_extrakeys" = x"yes"])
 AM_CONDITIONAL([ENABLE_MODULE_SCHNORRSIG], [test x"$enable_module_schnorrsig" = x"yes"])
 AM_CONDITIONAL([ENABLE_MODULE_ELLSWIFT], [test x"$enable_module_ellswift" = x"yes"])
+AM_CONDITIONAL([ENABLE_MODULE_BATCH], [test x"$enable_module_batch" = x"yes"])
 AM_CONDITIONAL([USE_EXTERNAL_ASM], [test x"$enable_external_asm" = x"yes"])
 AM_CONDITIONAL([USE_ASM_ARM], [test x"$set_asm" = x"arm32"])
 AM_CONDITIONAL([BUILD_WINDOWS], [test "$build_windows" = "yes"])
@@ -472,6 +490,7 @@ echo "  module recovery         = $enable_module_recovery"
 echo "  module extrakeys        = $enable_module_extrakeys"
 echo "  module schnorrsig       = $enable_module_schnorrsig"
 echo "  module ellswift         = $enable_module_ellswift"
+echo "  module batch            = $enable_module_batch"
 echo
 echo "  asm                     = $set_asm"
 echo "  ecmult window size      = $set_ecmult_window"
diff --git a/include/secp256k1_batch.h b/include/secp256k1_batch.h
new file mode 100644
index 0000000000..ea8fa63995
--- /dev/null
+++ b/include/secp256k1_batch.h
@@ -0,0 +1,25 @@
+#ifndef SECP256K1_BATCH_H
+#define SECP256K1_BATCH_H
+
+#include "secp256k1.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** This module implements a Batch Verification object that supports:
+ *
+ *  1. Schnorr signatures compliant with Bitcoin Improvement Proposal 340
+ *     "Schnorr Signatures for secp256k1"
+ *     (https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki).
+ *
+ *  2. Taproot commitments compliant with Bitcoin Improvemtn Proposal 341
+ *     "Taproot: SegWit version 1 spending rules"
+ *     (https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki).
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SECP256K1_BATCH_H */
diff --git a/src/libsecp256k1-config.h b/src/libsecp256k1-config.h
new file mode 100644
index 0000000000..8761914e35
--- /dev/null
+++ b/src/libsecp256k1-config.h
@@ -0,0 +1,117 @@
+/* src/libsecp256k1-config.h.  Generated from libsecp256k1-config.h.in by configure.  */
+/* src/libsecp256k1-config.h.in.  Generated from configure.ac by autoheader.  */
+
+#ifndef LIBSECP256K1_CONFIG_H
+
+#define LIBSECP256K1_CONFIG_H
+
+/* Define this symbol to compile out all VERIFY code */
+/* #undef COVERAGE */
+
+/* Set ecmult gen precision bits */
+#define ECMULT_GEN_PREC_BITS 4
+
+/* Set window size for ecmult precomputation */
+#define ECMULT_WINDOW_SIZE 15
+
+/* Define this symbol to enable the batch verification module */
+#define ENABLE_MODULE_BATCH 1
+
+/* Define this symbol to enable the ECDH module */
+/* #undef ENABLE_MODULE_ECDH */
+
+/* Define this symbol to enable the extrakeys module */
+#define ENABLE_MODULE_EXTRAKEYS 1
+
+/* Define this symbol to enable the ECDSA pubkey recovery module */
+/* #undef ENABLE_MODULE_RECOVERY */
+
+/* Define this symbol to enable the schnorrsig module */
+#define ENABLE_MODULE_SCHNORRSIG 1
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#define HAVE_DLFCN_H 1
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#define HAVE_INTTYPES_H 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#define HAVE_STDINT_H 1
+
+/* Define to 1 if you have the <stdio.h> header file. */
+#define HAVE_STDIO_H 1
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#define HAVE_UNISTD_H 1
+
+/* Define this symbol if valgrind is installed, and it supports the host
+   platform */
+/* #undef HAVE_VALGRIND */
+
+/* Define to the sub-directory where libtool stores uninstalled libraries. */
+#define LT_OBJDIR ".libs/"
+
+/* Name of package */
+#define PACKAGE "libsecp256k1"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT "https://github.com/bitcoin-core/secp256k1/issues"
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "libsecp256k1"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "libsecp256k1 0.1.0-pre"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "libsecp256k1"
+
+/* Define to the home page for this package. */
+#define PACKAGE_URL "https://github.com/bitcoin-core/secp256k1"
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "0.1.0-pre"
+
+/* Define to 1 if all of the C90 standard headers exist (not just the ones
+   required in a freestanding environment). This macro is provided for
+   backward compatibility; new code need not use it. */
+#define STDC_HEADERS 1
+
+/* Define this symbol to enable x86_64 assembly optimizations */
+#define USE_ASM_X86_64 1
+
+/* Define this symbol if an external (non-inline) assembly implementation is
+   used */
+/* #undef USE_EXTERNAL_ASM */
+
+/* Define this symbol if an external implementation of the default callbacks
+   is used */
+/* #undef USE_EXTERNAL_DEFAULT_CALLBACKS */
+
+/* Define this symbol to force the use of the (unsigned) __int128 based wide
+   multiplication implementation */
+/* #undef USE_FORCE_WIDEMUL_INT128 */
+
+/* Define this symbol to force the use of the (u)int64_t based wide
+   multiplication implementation */
+/* #undef USE_FORCE_WIDEMUL_INT64 */
+
+/* Version number of package */
+#define VERSION "0.1.0-pre"
+
+#endif /*LIBSECP256K1_CONFIG_H*/
diff --git a/src/libsecp256k1-config.h.in b/src/libsecp256k1-config.h.in
new file mode 100644
index 0000000000..f0c97654ec
--- /dev/null
+++ b/src/libsecp256k1-config.h.in
@@ -0,0 +1,116 @@
+/* src/libsecp256k1-config.h.in.  Generated from configure.ac by autoheader.  */
+
+#ifndef LIBSECP256K1_CONFIG_H
+
+#define LIBSECP256K1_CONFIG_H
+
+/* Define this symbol to compile out all VERIFY code */
+#undef COVERAGE
+
+/* Set ecmult gen precision bits */
+#undef ECMULT_GEN_PREC_BITS
+
+/* Set window size for ecmult precomputation */
+#undef ECMULT_WINDOW_SIZE
+
+/* Define this symbol to enable the batch verification module */
+#undef ENABLE_MODULE_BATCH
+
+/* Define this symbol to enable the ECDH module */
+#undef ENABLE_MODULE_ECDH
+
+/* Define this symbol to enable the extrakeys module */
+#undef ENABLE_MODULE_EXTRAKEYS
+
+/* Define this symbol to enable the ECDSA pubkey recovery module */
+#undef ENABLE_MODULE_RECOVERY
+
+/* Define this symbol to enable the schnorrsig module */
+#undef ENABLE_MODULE_SCHNORRSIG
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdio.h> header file. */
+#undef HAVE_STDIO_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define this symbol if valgrind is installed, and it supports the host
+   platform */
+#undef HAVE_VALGRIND
+
+/* Define to the sub-directory where libtool stores uninstalled libraries. */
+#undef LT_OBJDIR
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Define to 1 if all of the C90 standard headers exist (not just the ones
+   required in a freestanding environment). This macro is provided for
+   backward compatibility; new code need not use it. */
+#undef STDC_HEADERS
+
+/* Define this symbol to enable x86_64 assembly optimizations */
+#undef USE_ASM_X86_64
+
+/* Define this symbol if an external (non-inline) assembly implementation is
+   used */
+#undef USE_EXTERNAL_ASM
+
+/* Define this symbol if an external implementation of the default callbacks
+   is used */
+#undef USE_EXTERNAL_DEFAULT_CALLBACKS
+
+/* Define this symbol to force the use of the (unsigned) __int128 based wide
+   multiplication implementation */
+#undef USE_FORCE_WIDEMUL_INT128
+
+/* Define this symbol to force the use of the (u)int64_t based wide
+   multiplication implementation */
+#undef USE_FORCE_WIDEMUL_INT64
+
+/* Version number of package */
+#undef VERSION
+
+#endif /*LIBSECP256K1_CONFIG_H*/
diff --git a/src/modules/batch/Makefile.am.include b/src/modules/batch/Makefile.am.include
new file mode 100644
index 0000000000..08f12bf4c9
--- /dev/null
+++ b/src/modules/batch/Makefile.am.include
@@ -0,0 +1,2 @@
+include_HEADERS += include/secp256k1_batch.h
+noinst_HEADERS += src/modules/batch/main_impl.h
diff --git a/src/modules/batch/main_impl.h b/src/modules/batch/main_impl.h
new file mode 100644
index 0000000000..c07033a8bd
--- /dev/null
+++ b/src/modules/batch/main_impl.h
@@ -0,0 +1,6 @@
+#ifndef SECP256K1_MODULE_BATCH_MAIN_H
+#define SECP256K1_MODULE_BATCH_MAIN_H
+
+#include "include/secp256k1_batch.h"
+
+#endif /* SECP256K1_MODULE_BATCH_MAIN_H */
diff --git a/src/secp256k1.c b/src/secp256k1.c
index 72d725a74e..87c049de6c 100644
--- a/src/secp256k1.c
+++ b/src/secp256k1.c
@@ -833,3 +833,7 @@ int secp256k1_tagged_sha256(const secp256k1_context* ctx, unsigned char *hash32,
 #ifdef ENABLE_MODULE_ELLSWIFT
 # include "modules/ellswift/main_impl.h"
 #endif
+
+#ifdef ENABLE_MODULE_BATCH
+# include "modules/batch/main_impl.h"
+#endif
diff --git a/src/stamp-h1 b/src/stamp-h1
new file mode 100644
index 0000000000..f863082f5f
--- /dev/null
+++ b/src/stamp-h1
@@ -0,0 +1 @@
+timestamp for src/libsecp256k1-config.h