Implementation notes: amd64, hydra8, crypto_kem/kyber90s1024

Computer: hydra8
Architecture: amd64
CPU ID: GenuineIntel-000306a9-bfebfbff
SUPERCOP version: 20201130
Operation: crypto_kem
Primitive: kyber90s1024
TimeObject sizeTest sizeImplementationCompilerBenchmark dateSUPERCOP version
163732865376 0 086304 808 1568T:refclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020090320200826
164047276396 0 095064 808 1568T:refclang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020090320200826
167530458772 0 078006 784 1600T:refgcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020090320200826
174925258275 0 077616 808 1568T:refclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020090320200826
176098058275 0 077616 808 1568T:refclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020090320200826
177478043795 0 059502 800 1568T:refclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020090320200826
187569644640 0 061798 784 1600T:refgcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020090320200826
189944044000 0 060846 784 1600T:refgcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020090320200826
207169641775 0 057662 776 1568T:refgcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020090320200826

Compiler output

Implementation: T:avx2
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
cbd.c: cbd.c:27:12: error: always_inline function '_mm256_srli_epi32' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: vec1 = _mm256_srli_epi32(vec0, 1);
cbd.c: ^
cbd.c: cbd.c:28:12: error: always_inline function '_mm256_and_si256' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: vec0 = _mm256_and_si256(mask55, vec0);
cbd.c: ^
cbd.c: cbd.c:29:12: error: always_inline function '_mm256_and_si256' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: vec1 = _mm256_and_si256(mask55, vec1);
cbd.c: ^
cbd.c: cbd.c:30:12: error: always_inline function '_mm256_add_epi32' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: vec0 = _mm256_add_epi32(vec0, vec1);
cbd.c: ^
cbd.c: cbd.c:32:12: error: always_inline function '_mm256_srli_epi32' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: vec1 = _mm256_srli_epi32(vec0, 2);
cbd.c: ^
cbd.c: cbd.c:33:12: error: always_inline function '_mm256_and_si256' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: vec0 = _mm256_and_si256(mask33, vec0);
cbd.c: ^
cbd.c: cbd.c:34:12: error: always_inline function '_mm256_and_si256' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: vec1 = _mm256_and_si256(mask33, vec1);
cbd.c: ^
cbd.c: cbd.c:36:12: error: always_inline function '_mm256_srli_epi32' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: vec2 = _mm256_srli_epi32(vec0, 4);
cbd.c: ^
cbd.c: cbd.c:37:12: error: always_inline function '_mm256_srli_epi32' requires target feature 'avx2', but would be inlined into function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd' that is compiled without support for 'avx2'
cbd.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:avx2
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:avx2
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:avx2
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:avx2

Compiler output

Implementation: T:avx2
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
aes256ctr.c: aes256ctr.c:94:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
aes256ctr.c: BLOCK1(0x01);
aes256ctr.c: ^
aes256ctr.c: aes256ctr.c:75:11: note: expanded from macro 'BLOCK1'
aes256ctr.c: temp1 = _mm_aeskeygenassist_si128(temp2, IMM); \
aes256ctr.c: ^
aes256ctr.c: /usr/lib/llvm-6.0/lib/clang/6.0.0/include/__wmmintrin_aes.h:147:12: note: expanded from macro '_mm_aeskeygenassist_si128'
aes256ctr.c: (__m128i)__builtin_ia32_aeskeygenassist128((__v2di)(__m128i)(C), (int)(R))
aes256ctr.c: ^
aes256ctr.c: aes256ctr.c:95:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
aes256ctr.c: BLOCK2(0x01);
aes256ctr.c: ^
aes256ctr.c: aes256ctr.c:85:11: note: expanded from macro 'BLOCK2'
aes256ctr.c: temp1 = _mm_aeskeygenassist_si128(temp0, IMM); \
aes256ctr.c: ^
aes256ctr.c: /usr/lib/llvm-6.0/lib/clang/6.0.0/include/__wmmintrin_aes.h:147:12: note: expanded from macro '_mm_aeskeygenassist_si128'
aes256ctr.c: (__m128i)__builtin_ia32_aeskeygenassist128((__v2di)(__m128i)(C), (int)(R))
aes256ctr.c: ^
aes256ctr.c: aes256ctr.c:97:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
aes256ctr.c: BLOCK1(0x02);
aes256ctr.c: ^
aes256ctr.c: aes256ctr.c:75:11: note: expanded from macro 'BLOCK1'
aes256ctr.c: temp1 = _mm_aeskeygenassist_si128(temp2, IMM); \
aes256ctr.c: ^
aes256ctr.c: /usr/lib/llvm-6.0/lib/clang/6.0.0/include/__wmmintrin_aes.h:147:12: note: expanded from macro '_mm_aeskeygenassist_si128'
aes256ctr.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:
CompilerImplementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:avx2

Compiler output

Implementation: T:avx2
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE
cbd.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/7/include/immintrin.h:43:0,
cbd.c: from cbd.c:2:
cbd.c: cbd.c: In function 'crypto_kem_kyber90s1024_avx2_timingleaks_cbd':
cbd.c: /usr/lib/gcc/x86_64-linux-gnu/7/include/avx2intrin.h:1081:1: error: inlining failed in call to always_inline '_mm256_permute2x128_si256': target specific option mismatch
cbd.c: _mm256_permute2x128_si256 (__m256i __X, __m256i __Y, const int __M)
cbd.c: ^~~~~~~~~~~~~~~~~~~~~~~~~
cbd.c: cbd.c:62:10: note: called from here
cbd.c: vec3 = _mm256_permute2x128_si256(vec1, vec3, 0x31);
cbd.c: ~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cbd.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/7/include/immintrin.h:43:0,
cbd.c: from cbd.c:2:
cbd.c: /usr/lib/gcc/x86_64-linux-gnu/7/include/avx2intrin.h:1081:1: error: inlining failed in call to always_inline '_mm256_permute2x128_si256': target specific option mismatch
cbd.c: _mm256_permute2x128_si256 (__m256i __X, __m256i __Y, const int __M)
cbd.c: ^~~~~~~~~~~~~~~~~~~~~~~~~
cbd.c: cbd.c:61:9: note: called from here
cbd.c: tmp = _mm256_permute2x128_si256(vec1, vec3, 0x20);
cbd.c: ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cbd.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/7/include/immintrin.h:43:0,
cbd.c: from cbd.c:2:
cbd.c: /usr/lib/gcc/x86_64-linux-gnu/7/include/avx2intrin.h:1081:1: error: inlining failed in call to always_inline '_mm256_permute2x128_si256': target specific option mismatch
cbd.c: _mm256_permute2x128_si256 (__m256i __X, __m256i __Y, const int __M)
cbd.c: ^~~~~~~~~~~~~~~~~~~~~~~~~
cbd.c: cbd.c:59:10: note: called from here
cbd.c: vec2 = _mm256_permute2x128_si256(vec0, vec2, 0x31);
cbd.c: ~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cbd.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:
CompilerImplementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:avx2
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:avx2
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:avx2
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:avx2