Implementation notes: aarch64, pi3aplus, crypto_aead/romulusm

Computer: pi3aplus
Microarchitecture: aarch64; A53 (410fd034)
Architecture: aarch64
CPU ID: 410fd034
SUPERCOP version: 20221122
Operation: crypto_aead
Primitive: romulusm

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
423968	10692 0 0	23968 864 864	`aadomn/armv8a/precalculate`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20220531	20220506
425940	9452 0 0	21439 856 848	`aadomn/armv8a/precalculate`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20220531	20220506
431053	9676 0 0	21855 856 848	`aadomn/armv8a/precalculate`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20220531	20220506
431375	9188 0 0	20383 840 840	`aadomn/armv8a/precalculate`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20220531	20220506
512473	10520 0 0	23792 864 864	`aadomn/armv8a/onthefly`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20220531	20220506
513181	9248 0 0	21239 856 848	`aadomn/armv8a/onthefly`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20220531	20220506
516440	9068 0 0	20263 840 840	`aadomn/armv8a/onthefly`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20220531	20220506
517496	9536 0 0	21727 856 848	`aadomn/armv8a/onthefly`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20220531	20220506
1761701	26796 640 0	40501 1408 856	`aadomn/opt32`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20220531	20220506
1907536	25064 640 0	38488 1512 864	`aadomn/opt32`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20220531	20220506
2676270	17588 640 0	29808 1504 848	`aadomn/opt32`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20220531	20220506
3102944	17248 640 0	28664 1488 840	`aadomn/opt32`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20220531	20220506
3522453	19888 640 0	32288 1504 848	`aadomn/opt32`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20220531	20220506
3825244	21452 12 0	34888 876 864	`T:ref`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221006	20221005
5132140	15064 12 0	28645 780 856	`T:ref`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221006	20221005
21527318	6896 12 0	19007 868 848	`T:ref`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221006	20221005
23055850	6416 12 0	18687 868 848	`T:ref`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221006	20221005
24056793	5472 12 0	16759 852 840	`T:ref`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221006	20221005

Test failure

Implementation: T:fixslice_opt32
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

error 111
crypto_aead_decrypt returns nonzero

Number of similar (compiler,implementation) pairs: 5, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:fixslice_opt32
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:fixslice_opt32
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:fixslice_opt32
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:fixslice_opt32
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:fixslice_opt32

Test failure

Implementation: T:opt32t
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

error 111
crypto_aead_decrypt allows trivial forgeries

Number of similar (compiler,implementation) pairs: 5, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt32t
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:opt32t
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:opt32t
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:opt32t
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:opt32t

Compiler output

Implementation: aadomn/armv8a/onthefly
Security model: constbranchindex
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

skinny128.S: <instantiation>:1:11: error: literal value out of range for directive
skinny128.S: ldr q20, =0x0b0c0e0a0d080f090304060205000701
skinny128.S: ^
skinny128.S: skinny128.S:156:2: note: while in macro instantiation
skinny128.S: prepare_encrypt
skinny128.S: ^
skinny128.S: <instantiation>:2:12: error: literal value out of range for directive
skinny128.S: ldr q21, =0x00000000000000020000000000000000
skinny128.S: ^
skinny128.S: skinny128.S:156:2: note: while in macro instantiation
skinny128.S: prepare_encrypt
skinny128.S: ^
skinny128.S: <instantiation>:3:6: error: invalid operand for instruction
skinny128.S: ldr q22, =0x00000000000000000000000000000000
skinny128.S: ^
skinny128.S: skinny128.S:156:2: note: while in macro instantiation
skinny128.S: prepare_encrypt
skinny128.S: ^
skinny128.S: <instantiation>:4:12: error: literal value out of range for directive
skinny128.S: ldr q23, =0x09080b0a06050407030201000c0f0e0d
skinny128.S: ^
skinny128.S: skinny128.S:156:2: note: while in macro instantiation
skinny128.S: prepare_encrypt
skinny128.S: ^
skinny128.S: <instantiation>:5:12: error: literal value out of range for directive
skinny128.S: ...

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/armv8a/onthefly

Compiler output

Implementation: aadomn/armv8a/precalculate
Security model: constbranchindex
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

skinny128.S: <instantiation>:1:11: error: literal value out of range for directive
skinny128.S: ldr q21, =0x00000000000000020000000000000000
skinny128.S: ^
skinny128.S: skinny128.S:113:2: note: while in macro instantiation
skinny128.S: prepare_encrypt
skinny128.S: ^
skinny128.S: <instantiation>:2:12: error: literal value out of range for directive
skinny128.S: ldr q22, =0x0f0e0d0c0a0b09080304060205000701
skinny128.S: ^
skinny128.S: skinny128.S:113:2: note: while in macro instantiation
skinny128.S: prepare_encrypt
skinny128.S: ^
skinny128.S: <instantiation>:3:12: error: literal value out of range for directive
skinny128.S: ldr q23, =0x09080b0a06050407030201000c0f0e0d
skinny128.S: ^
skinny128.S: skinny128.S:113:2: note: while in macro instantiation
skinny128.S: prepare_encrypt
skinny128.S: ^
skinny128.S: <instantiation>:4:12: error: literal value out of range for directive
skinny128.S: ldr q24, =0x0302010009080b0a1010101009080b0a
skinny128.S: ^
skinny128.S: skinny128.S:113:2: note: while in macro instantiation
skinny128.S: prepare_encrypt
skinny128.S: ^
skinny128.S: <instantiation>:6:12: error: literal value out of range for directive
skinny128.S: ...

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/armv8a/precalculate

Namespace violations

Implementation: aadomn/armv8a/onthefly
Security model: constbranchindex
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/armv8a/onthefly
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/armv8a/onthefly
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/armv8a/onthefly
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/armv8a/onthefly

Namespace violations

Implementation: aadomn/armv8a/precalculate
Security model: constbranchindex
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/armv8a/precalculate
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/armv8a/precalculate
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/armv8a/precalculate
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/armv8a/precalculate

Namespace violations

Implementation: aadomn/opt32
Security model: constbranchindex
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

romulus_m.o romulusm_generate_tag T
romulus_m.o romulusm_init T
romulus_m.o romulusm_process_ad T
romulus_m.o romulusm_process_msg T
romulus_m.o romulusm_verify_tag T
romulus_m.o zeroize T
skinny128.o mixcolumns_0 T
skinny128.o mixcolumns_1 T
skinny128.o mixcolumns_2 T
skinny128.o mixcolumns_3 T
skinny128.o skinny128_384_plus T
tk_schedule.o lfsr2_bs T
tk_schedule.o lfsr3_bs T
tk_schedule.o packing T
tk_schedule.o permute_tk T
tk_schedule.o permute_tk_10 T
tk_schedule.o permute_tk_12 T
tk_schedule.o permute_tk_14 T
tk_schedule.o permute_tk_2 T
tk_schedule.o permute_tk_4 T
tk_schedule.o permute_tk_6 T
tk_schedule.o permute_tk_8 T
tk_schedule.o precompute_lfsr_tk2 T
tk_schedule.o precompute_lfsr_tk3 T
tk_schedule.o rconst_32_bs D
tk_schedule.o tk_schedule_1 T
tk_schedule.o tk_schedule_123 T
tk_schedule.o tk_schedule_13 T
tk_schedule.o tk_schedule_23 T
tk_schedule.o unpacking T

Number of similar (compiler,implementation) pairs: 5, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/opt32
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/opt32
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/opt32
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/opt32
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/opt32

Namespace violations

Implementation: T:ref
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

romulus_m_reference.o ad2msg_encryption T
romulus_m_reference.o ad_encryption T
romulus_m_reference.o block_cipher T
romulus_m_reference.o compose_tweakey T
romulus_m_reference.o g8A T
romulus_m_reference.o generate_tag T
romulus_m_reference.o irho T
romulus_m_reference.o lfsr_gf56 T
romulus_m_reference.o msg_decryption T
romulus_m_reference.o msg_encryption T
romulus_m_reference.o nonce_encryption T
romulus_m_reference.o pad T
romulus_m_reference.o reset_lfsr_gf56 T
romulus_m_reference.o rho T
romulus_m_reference.o rho_ad T
romulus_m_reference.o romulus_m_decrypt T
romulus_m_reference.o romulus_m_encrypt T
skinny_reference.o AddConstants T
skinny_reference.o AddKey T
skinny_reference.o BLOCK_SIZE D
skinny_reference.o MixColumn T
skinny_reference.o N_RNDS D
skinny_reference.o P R
skinny_reference.o RC R
skinny_reference.o ShiftRows T
skinny_reference.o SubCell8 T
skinny_reference.o TWEAKEY_P R
skinny_reference.o TWEAKEY_SIZE D
skinny_reference.o enc T
skinny_reference.o sbox_8 R
skinny_reference.o skinny_128_384_plus_enc T

Number of similar (compiler,implementation) pairs: 5, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:ref
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:ref
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:ref
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:ref
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:ref