Implementation notes: amd64, hydra4, crypto_aead/romulusm

Computer: hydra4
Microarchitecture: amd64; K10 32nm (300f10)
Architecture: amd64
CPU ID: AuthenticAMD-00300f10-178bfbff
SUPERCOP version: 20240107
Operation: crypto_aead
Primitive: romulusm

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
1509671	28858 640 0	44752 1460 1016	`aadomn/opt32`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
1525030	28690 640 0	43760 1460 1016	`aadomn/opt32`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
1529027	28882 640 0	44784 1460 1016	`aadomn/opt32`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
1933531	22297 640 0	37256 1428 1080	`aadomn/opt32`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231215	20231212
1996059	19787 640 0	34055 1420 1080	`aadomn/opt32`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231215	20231212
2080870	19872 640 0	33990 1452 1016	`aadomn/opt32`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
2324150	18852 640 0	32206 1452 1016	`aadomn/opt32`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
2335343	36846 640 0	53008 1428 1080	`aadomn/opt32`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231215	20231212
2571064	18981 640 0	32059 1404 1048	`aadomn/opt32`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231215	20231212
4164969	16056 12 0	31504 824 1016	`T:ref`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
4538738	17274 12 0	33560 824 1016	`T:ref`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
4541814	17274 12 0	33560 824 1016	`T:ref`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
4592354	27831 12 0	43984 792 1080	`T:ref`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231215	20231212
14300518	6577 12 0	20046 816 1016	`T:ref`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
14679564	8663 12 0	23624 792 1080	`T:ref`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231215	20231212
15724021	5499 12 0	18563 768 1048	`T:ref`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231215	20231212
15929287	6283 12 0	20495 784 1080	`T:ref`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231215	20231212
16520165	6141 12 0	20230 816 1016	`T:ref`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212

Test failure

Implementation: T:fixslice_opt32
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

error 111
crypto_aead_decrypt returns nonzero

Number of similar (compiler,implementation) pairs: 9, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:fixslice_opt32
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:fixslice_opt32
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:fixslice_opt32
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:fixslice_opt32
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:fixslice_opt32
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:fixslice_opt32
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:fixslice_opt32
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:fixslice_opt32
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:fixslice_opt32

Test failure

Implementation: T:opt32t
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

error 111
crypto_aead_decrypt allows trivial forgeries

Number of similar (compiler,implementation) pairs: 9, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt32t
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt32t
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt32t
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt32t
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt32t
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:opt32t
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:opt32t
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:opt32t
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:opt32t

Compiler output

Implementation: aadomn/x86
Security model: constbranchindex
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

skinny128.c: skinny128.c:115:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c: DOUBLE_ROUND(rtk_23);
skinny128.c: ^
skinny128.c: skinny128.c:78:5: note: expanded from macro 'DOUBLE_ROUND'
skinny128.c: SBOX_ARK_EVEN(rtk_23); \
skinny128.c: ^
skinny128.c: skinny128.c:23:13: note: expanded from macro 'SBOX_ARK_EVEN'
skinny128.c: state = _mm_shuffle_epi8(s1, state); /* apply inner S-box S1 */ \
skinny128.c: ^
skinny128.c: skinny128.c:115:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c: skinny128.c:78:5: note: expanded from macro 'DOUBLE_ROUND'
skinny128.c: SBOX_ARK_EVEN(rtk_23); \
skinny128.c: ^
skinny128.c: skinny128.c:24:13: note: expanded from macro 'SBOX_ARK_EVEN'
skinny128.c: tmp0 = _mm_shuffle_epi8(s0, tmp0); /* apply inner S-box S0 */ \
skinny128.c: ^
skinny128.c: skinny128.c:115:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c: skinny128.c:78:5: note: expanded from macro 'DOUBLE_ROUND'
skinny128.c: SBOX_ARK_EVEN(rtk_23); \
skinny128.c: ^
skinny128.c: skinny128.c:32:13: note: expanded from macro 'SBOX_ARK_EVEN'
skinny128.c: tmp0 = _mm_shuffle_epi8(s3, tmp0); /* apply inner S-box S3 */ \
skinny128.c: ^
skinny128.c: skinny128.c:115:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c: skinny128.c:78:5: note: expanded from macro 'DOUBLE_ROUND'
skinny128.c: ...

Number of similar (compiler,implementation) pairs: 5, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/x86
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/x86
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/x86
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/x86
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/x86

Compiler output

Implementation: aadomn/x86
Security model: constbranchindex
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE

skinny128.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/10/include/immintrin.h:35,
skinny128.c: from skinny128.c:10:
skinny128.c: skinny128.c: In function 'skinny128_384_plus':
skinny128.c: /usr/lib/gcc/x86_64-linux-gnu/10/include/tmmintrin.h:136:1: error: inlining failed in call to 'always_inline' '_mm_shuffle_epi8': target specific option mismatch
skinny128.c: 136 | _mm_shuffle_epi8 (__m128i __X, __m128i __Y)
skinny128.c: | ^~~~~~~~~~~~~~~~
skinny128.c: skinny128.c:70:13: note: called from here
skinny128.c: 70 | state = _mm_shuffle_epi8(state, m1); /* state <- (r2, - , r2, r0) */ \
skinny128.c: | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
skinny128.c: skinny128.c:81:5: note: in expansion of macro 'SR_MC'
skinny128.c: 81 | SR_MC(); \
skinny128.c: | ^~~~~
skinny128.c: skinny128.c:134:5: note: in expansion of macro 'DOUBLE_ROUND'
skinny128.c: 134 | DOUBLE_ROUND(rtk_23+304);
skinny128.c: | ^~~~~~~~~~~~
skinny128.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/10/include/immintrin.h:35,
skinny128.c: from skinny128.c:10:
skinny128.c: /usr/lib/gcc/x86_64-linux-gnu/10/include/tmmintrin.h:136:1: error: inlining failed in call to 'always_inline' '_mm_shuffle_epi8': target specific option mismatch
skinny128.c: 136 | _mm_shuffle_epi8 (__m128i __X, __m128i __Y)
skinny128.c: | ^~~~~~~~~~~~~~~~
skinny128.c: skinny128.c:68:14: note: called from here
skinny128.c: 68 | tmp0 = _mm_shuffle_epi8(state, m0); /* tmp0 <- (r3, r0, r1, r2) */ \
skinny128.c: | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
skinny128.c: skinny128.c:81:5: note: in expansion of macro 'SR_MC'
skinny128.c: 81 | SR_MC(); \
skinny128.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/x86
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/x86
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/x86
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/x86