Implementation notes: amd64, hydra5, crypto_aead/romulusm

Computer: hydra5
Microarchitecture: amd64; K10 32nm (300f10)
Architecture: amd64
CPU ID: AuthenticAMD-00300f10-178bfbff
SUPERCOP version: 20240107
Operation: crypto_aead
Primitive: romulusm

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
1472584	31638 640 0	47512 1508 1024	`aadomn/opt32`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
1479551	31270 640 0	46240 1508 1024	`aadomn/opt32`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
1481556	31638 640 0	47512 1508 1024	`aadomn/opt32`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
1832294	23200 640 0	37376 1508 1024	`aadomn/opt32`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
1941040	22380 640 0	38101 1452 1088	`aadomn/opt32`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231215	20231212
2029473	20111 640 0	34948 1444 1088	`aadomn/opt32`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231215	20231212
2277325	20752 640 0	33962 1500 1024	`aadomn/opt32`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
2362066	36618 640 0	53685 1452 1088	`aadomn/opt32`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231215	20231212
2573466	20695 640 0	34256 1428 1056	`aadomn/opt32`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231215	20231212
3079404	16011 12 0	31432 872 1024	`T:ref`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
3102088	19391 12 0	35712 872 1024	`T:ref`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
3110260	19391 12 0	35712 872 1024	`T:ref`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
4272659	28648 12 0	45685 816 1088	`T:ref`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231215	20231212
13781291	10635 12 0	24808 872 1024	`T:ref`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
13853239	6775 12 0	20074 864 1024	`T:ref`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231215	20231212
15292978	9018 12 0	24733 816 1088	`T:ref`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231215	20231212
16104585	6091 12 0	19648 792 1056	`T:ref`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231215	20231212
16554139	6755 12 0	21556 808 1088	`T:ref`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231215	20231212

Test failure

Implementation: T:fixslice_opt32
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

error 111
crypto_aead_decrypt returns nonzero

Number of similar (compiler,implementation) pairs: 9, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:fixslice_opt32
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:fixslice_opt32
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:fixslice_opt32
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:fixslice_opt32
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:fixslice_opt32
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:fixslice_opt32
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:fixslice_opt32
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:fixslice_opt32
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:fixslice_opt32

Test failure

Implementation: T:opt32t
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

error 111
crypto_aead_decrypt allows trivial forgeries

Number of similar (compiler,implementation) pairs: 9, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt32t
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt32t
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt32t
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt32t
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt32t
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:opt32t
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:opt32t
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:opt32t
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:opt32t

Compiler output

Implementation: aadomn/x86
Security model: constbranchindex
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

skinny128.c: skinny128.c:115:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c: DOUBLE_ROUND(rtk_23);
skinny128.c: ^
skinny128.c: skinny128.c:78:5: note: expanded from macro 'DOUBLE_ROUND'
skinny128.c: SBOX_ARK_EVEN(rtk_23); \
skinny128.c: ^
skinny128.c: skinny128.c:23:13: note: expanded from macro 'SBOX_ARK_EVEN'
skinny128.c: state = _mm_shuffle_epi8(s1, state); /* apply inner S-box S1 */ \
skinny128.c: ^
skinny128.c: skinny128.c:115:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c: skinny128.c:78:5: note: expanded from macro 'DOUBLE_ROUND'
skinny128.c: SBOX_ARK_EVEN(rtk_23); \
skinny128.c: ^
skinny128.c: skinny128.c:24:13: note: expanded from macro 'SBOX_ARK_EVEN'
skinny128.c: tmp0 = _mm_shuffle_epi8(s0, tmp0); /* apply inner S-box S0 */ \
skinny128.c: ^
skinny128.c: skinny128.c:115:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c: skinny128.c:78:5: note: expanded from macro 'DOUBLE_ROUND'
skinny128.c: SBOX_ARK_EVEN(rtk_23); \
skinny128.c: ^
skinny128.c: skinny128.c:32:13: note: expanded from macro 'SBOX_ARK_EVEN'
skinny128.c: tmp0 = _mm_shuffle_epi8(s3, tmp0); /* apply inner S-box S3 */ \
skinny128.c: ^
skinny128.c: skinny128.c:115:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c: skinny128.c:78:5: note: expanded from macro 'DOUBLE_ROUND'
skinny128.c: ...

Number of similar (compiler,implementation) pairs: 5, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/x86
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/x86
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/x86
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/x86
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/x86

Compiler output

Implementation: aadomn/x86
Security model: constbranchindex
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE

skinny128.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/11/include/immintrin.h:37,
skinny128.c: from skinny128.c:10:
skinny128.c: skinny128.c: In function 'skinny128_384_plus':
skinny128.c: /usr/lib/gcc/x86_64-linux-gnu/11/include/tmmintrin.h:136:1: error: inlining failed in call to 'always_inline' '_mm_shuffle_epi8': target specific option mismatch
skinny128.c: 136 | _mm_shuffle_epi8 (__m128i __X, __m128i __Y)
skinny128.c: | ^~~~~~~~~~~~~~~~
skinny128.c: skinny128.c:70:13: note: called from here
skinny128.c: 70 | state = _mm_shuffle_epi8(state, m1); /* state <- (r2, - , r2, r0) */ \
skinny128.c: | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
skinny128.c: skinny128.c:81:5: note: in expansion of macro 'SR_MC'
skinny128.c: 81 | SR_MC(); \
skinny128.c: | ^~~~~
skinny128.c: skinny128.c:134:5: note: in expansion of macro 'DOUBLE_ROUND'
skinny128.c: 134 | DOUBLE_ROUND(rtk_23+304);
skinny128.c: | ^~~~~~~~~~~~
skinny128.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/11/include/immintrin.h:37,
skinny128.c: from skinny128.c:10:
skinny128.c: /usr/lib/gcc/x86_64-linux-gnu/11/include/tmmintrin.h:136:1: error: inlining failed in call to 'always_inline' '_mm_shuffle_epi8': target specific option mismatch
skinny128.c: 136 | _mm_shuffle_epi8 (__m128i __X, __m128i __Y)
skinny128.c: | ^~~~~~~~~~~~~~~~
skinny128.c: skinny128.c:68:14: note: called from here
skinny128.c: 68 | tmp0 = _mm_shuffle_epi8(state, m0); /* tmp0 <- (r3, r0, r1, r2) */ \
skinny128.c: | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
skinny128.c: skinny128.c:81:5: note: in expansion of macro 'SR_MC'
skinny128.c: 81 | SR_MC(); \
skinny128.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/x86
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/x86
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/x86
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/x86