Implementation notes: amd64, hydra8, crypto_kem/kyber90s1024

Computer: hydra8
Architecture: amd64
CPU ID: GenuineIntel-000306a9-bfebfbff
SUPERCOP version: 20201130
Operation: crypto_kem
Primitive: kyber90s1024

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
1637328	65376 0 0	86304 808 1568	`T:ref`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20200903	20200826
1640472	76396 0 0	95064 808 1568	`T:ref`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20200903	20200826
1675304	58772 0 0	78006 784 1600	`T:ref`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20200903	20200826
1749252	58275 0 0	77616 808 1568	`T:ref`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20200903	20200826
1760980	58275 0 0	77616 808 1568	`T:ref`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20200903	20200826
1774780	43795 0 0	59502 800 1568	`T:ref`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20200903	20200826
1875696	44640 0 0	61798 784 1600	`T:ref`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20200903	20200826
1899440	44000 0 0	60846 784 1600	`T:ref`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20200903	20200826
2071696	41775 0 0	57662 776 1568	`T:ref`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20200903	20200826

Compiler output

Implementation: T:avx2
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

cbd.c: cbd.c:27:12: error: always_inline function '_mm256_srli_epi32' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: vec1 = _mm256_srli_epi32(vec0, 1);
cbd.c: ^
cbd.c: cbd.c:28:12: error: always_inline function '_mm256_and_si256' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: vec0 = _mm256_and_si256(mask55, vec0);
cbd.c: ^
cbd.c: cbd.c:29:12: error: always_inline function '_mm256_and_si256' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: vec1 = _mm256_and_si256(mask55, vec1);
cbd.c: ^
cbd.c: cbd.c:30:12: error: always_inline function '_mm256_add_epi32' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: vec0 = _mm256_add_epi32(vec0, vec1);
cbd.c: ^
cbd.c: cbd.c:32:12: error: always_inline function '_mm256_srli_epi32' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: vec1 = _mm256_srli_epi32(vec0, 2);
cbd.c: ^
cbd.c: cbd.c:33:12: error: always_inline function '_mm256_and_si256' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: vec0 = _mm256_and_si256(mask33, vec0);
cbd.c: ^
cbd.c: cbd.c:34:12: error: always_inline function '_mm256_and_si256' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: vec1 = _mm256_and_si256(mask33, vec1);
cbd.c: ^
cbd.c: cbd.c:36:12: error: always_inline function '_mm256_srli_epi32' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: vec2 = _mm256_srli_epi32(vec0, 4);
cbd.c: ^
cbd.c: cbd.c:37:12: error: always_inline function '_mm256_srli_epi32' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx2
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx2
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx2
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx2

Compiler output

Implementation: T:avx2
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

aes256ctr.c: aes256ctr.c:94:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
aes256ctr.c: BLOCK1(0x01);
aes256ctr.c: ^
aes256ctr.c: aes256ctr.c:75:11: note: expanded from macro 'BLOCK1'
aes256ctr.c: temp1 = _mm_aeskeygenassist_si128(temp2, IMM); \
aes256ctr.c: ^
aes256ctr.c: /usr/lib/llvm-6.0/lib/clang/6.0.0/include/__wmmintrin_aes.h:147:12: note: expanded from macro '_mm_aeskeygenassist_si128'
aes256ctr.c: (__m128i)__builtin_ia32_aeskeygenassist128((__v2di)(__m128i)(C), (int)(R))
aes256ctr.c: ^
aes256ctr.c: aes256ctr.c:95:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
aes256ctr.c: BLOCK2(0x01);
aes256ctr.c: ^
aes256ctr.c: aes256ctr.c:85:11: note: expanded from macro 'BLOCK2'
aes256ctr.c: temp1 = _mm_aeskeygenassist_si128(temp0, IMM); \
aes256ctr.c: ^
aes256ctr.c: /usr/lib/llvm-6.0/lib/clang/6.0.0/include/__wmmintrin_aes.h:147:12: note: expanded from macro '_mm_aeskeygenassist_si128'
aes256ctr.c: (__m128i)__builtin_ia32_aeskeygenassist128((__v2di)(__m128i)(C), (int)(R))
aes256ctr.c: ^
aes256ctr.c: aes256ctr.c:97:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
aes256ctr.c: BLOCK1(0x02);
aes256ctr.c: ^
aes256ctr.c: aes256ctr.c:75:11: note: expanded from macro 'BLOCK1'
aes256ctr.c: temp1 = _mm_aeskeygenassist_si128(temp2, IMM); \
aes256ctr.c: ^
aes256ctr.c: /usr/lib/llvm-6.0/lib/clang/6.0.0/include/__wmmintrin_aes.h:147:12: note: expanded from macro '_mm_aeskeygenassist_si128'
aes256ctr.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx2

Compiler output

Implementation: T:avx2
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE

cbd.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/7/include/immintrin.h:43:0,
cbd.c: from cbd.c:2:
cbd.c: cbd.c: In function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd':
cbd.c: /usr/lib/gcc/x86_64-linux-gnu/7/include/avx2intrin.h:1081:1: error: inlining failed in call to always_inline '_mm256_permute2x128_si256': target specific option mismatch
cbd.c: _mm256_permute2x128_si256 (__m256i __X, __m256i __Y, const int __M)
cbd.c: ^~~~~~~~~~~~~~~~~~~~~~~~~
cbd.c: cbd.c:62:10: note: called from here
cbd.c: vec3 = _mm256_permute2x128_si256(vec1, vec3, 0x31);
cbd.c: ~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cbd.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/7/include/immintrin.h:43:0,
cbd.c: from cbd.c:2:
cbd.c: /usr/lib/gcc/x86_64-linux-gnu/7/include/avx2intrin.h:1081:1: error: inlining failed in call to always_inline '_mm256_permute2x128_si256': target specific option mismatch
cbd.c: _mm256_permute2x128_si256 (__m256i __X, __m256i __Y, const int __M)
cbd.c: ^~~~~~~~~~~~~~~~~~~~~~~~~
cbd.c: cbd.c:61:9: note: called from here
cbd.c: tmp = _mm256_permute2x128_si256(vec1, vec3, 0x20);
cbd.c: ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cbd.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/7/include/immintrin.h:43:0,
cbd.c: from cbd.c:2:
cbd.c: /usr/lib/gcc/x86_64-linux-gnu/7/include/avx2intrin.h:1081:1: error: inlining failed in call to always_inline '_mm256_permute2x128_si256': target specific option mismatch
cbd.c: _mm256_permute2x128_si256 (__m256i __X, __m256i __Y, const int __M)
cbd.c: ^~~~~~~~~~~~~~~~~~~~~~~~~
cbd.c: cbd.c:59:10: note: called from here
cbd.c: vec2 = _mm256_permute2x128_si256(vec0, vec2, 0x31);
cbd.c: ~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cbd.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx2
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx2
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx2
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx2