Implementation notes: amd64, nucnuc, crypto_kem/titaniumccamed

Computer: nucnuc
Microarchitecture: amd64; Airmont (406c3)
Architecture: amd64
CPU ID: GenuineIntel-000406c3-bfebfbff
SUPERCOP version: 20240107
Operation: crypto_kem
Primitive: titaniumccamed

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
17158247	51968 0 36	236128 820 1752	`T:opt`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240130	20231217
17159026	62315 0 36	248088 820 1752	`T:opt`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240130	20231217
17621586	63901 0 36	249296 820 1752	`T:opt`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240130	20231217
18159411	43979 0 36	226726 812 1752	`T:opt`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240130	20231217
18565032	46959 0 64	231248 788 1816	`T:opt`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240130	20231217
19081166	47064 0 64	230832 788 1816	`T:opt`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240130	20231217
19343302	75864 0 64	261016 788 1816	`T:opt`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240130	20231217
739384391	40304 0 36	224376 820 1752	`T:ref`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240130	20231217
746986880	53569 0 36	239272 820 1752	`T:ref`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240130	20231217
762088160	55383 0 36	240688 820 1752	`T:ref`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240130	20231217
815028496	35973 0 36	218502 812 1752	`T:ref`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240130	20231217
818523008	53618 0 64	238752 788 1816	`T:ref`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240130	20231217
825066605	35775 0 64	219912 788 1816	`T:ref`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240130	20231217
898055771	35911 0 64	219520 788 1816	`T:ref`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240130	20231217

Compiler output

Implementation: T:avx2
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

encrypt.c: In file included from encrypt.c:18:
encrypt.c: In file included from /usr/lib/llvm-11/lib/clang/11.0.1/include/x86intrin.h:13:
encrypt.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/ia32intrin.h:210:16: error: expected identifier or '('
encrypt.c: unsigned int D;
encrypt.c: ^
encrypt.c: ./param.h:28:11: note: expanded from macro 'D'
encrypt.c: #define D 256
encrypt.c: ^
encrypt.c: In file included from encrypt.c:18:
encrypt.c: In file included from /usr/lib/llvm-11/lib/clang/11.0.1/include/x86intrin.h:13:
encrypt.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/ia32intrin.h:211:20: error: cannot take the address of an rvalue of type 'int'
encrypt.c: __builtin_memcpy(&D, &__A, sizeof(__A));
encrypt.c: ^~
encrypt.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/ia32intrin.h:227:22: error: expected identifier or '('
encrypt.c: unsigned long long D;
encrypt.c: ^
encrypt.c: ./param.h:28:11: note: expanded from macro 'D'
encrypt.c: #define D 256
encrypt.c: ^
encrypt.c: In file included from encrypt.c:18:
encrypt.c: In file included from /usr/lib/llvm-11/lib/clang/11.0.1/include/x86intrin.h:13:
encrypt.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/ia32intrin.h:228:20: error: cannot take the address of an rvalue of type 'int'
encrypt.c: __builtin_memcpy(&D, &__A, sizeof(__A));
encrypt.c: ^~
encrypt.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/ia32intrin.h:244:9: error: expected identifier or '('
encrypt.c: ...

Number of similar (compiler,implementation) pairs: 5, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx2
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx2
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx2
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx2
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx2

Compiler output

Implementation: T:avx2
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE

encrypt.c: encrypt.c: In function 'crypto_encrypt_keypair':
encrypt.c: encrypt.c:63:6: warning: AVX vector return without AVX enabled changes the ABI [-Wpsabi]
encrypt.c: 63 | u = _mm256_loadu_si256((__m256i *)(a[i] + j));
encrypt.c: | ~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
encrypt.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/10/include/immintrin.h:51,
encrypt.c: from /usr/lib/gcc/x86_64-linux-gnu/10/include/x86intrin.h:32,
encrypt.c: from encrypt.c:18:
encrypt.c: /usr/lib/gcc/x86_64-linux-gnu/10/include/avxintrin.h:926:1: error: inlining failed in call to 'always_inline' '_mm256_storeu_si256': target specific option mismatch
encrypt.c: 926 | _mm256_storeu_si256 (__m256i_u *__P, __m256i __A)
encrypt.c: | ^~~~~~~~~~~~~~~~~~~
encrypt.c: encrypt.c:66:4: note: called from here
encrypt.c: 66 | _mm256_storeu_si256((__m256i *)(a[i] + j), t);
encrypt.c: | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
encrypt.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/10/include/immintrin.h:53,
encrypt.c: from /usr/lib/gcc/x86_64-linux-gnu/10/include/x86intrin.h:32,
encrypt.c: from encrypt.c:18:
encrypt.c: /usr/lib/gcc/x86_64-linux-gnu/10/include/avx2intrin.h:567:1: error: inlining failed in call to 'always_inline' '_mm256_mul_epu32': target specific option mismatch
encrypt.c: 567 | _mm256_mul_epu32 (__m256i __A, __m256i __B)
encrypt.c: | ^~~~~~~~~~~~~~~~
encrypt.c: encrypt.c:65:8: note: called from here
encrypt.c: 65 | t = _mm256_mul_epu32(u, v);
encrypt.c: | ^~~~~~~~~~~~~~~~~~~~~~
encrypt.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/10/include/immintrin.h:51,
encrypt.c: from /usr/lib/gcc/x86_64-linux-gnu/10/include/x86intrin.h:32,
encrypt.c: from encrypt.c:18:
encrypt.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx2
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx2
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx2
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx2

Compiler output

Implementation: T:opt
Security model: timingleaks
Compiler: clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(encrypt.o): in function `crypto_encrypt_keypair':
try.c: encrypt.c:(.text+0x...): undefined reference to `barrett_4q2'
try.c: /usr/bin/ld: encrypt.c:(.text+0x...): undefined reference to `barrett_4q'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(encrypt.o): in function `crypto_encrypt':
try.c: encrypt.c:(.text+0x...): undefined reference to `barrett_4q2'
try.c: /usr/bin/ld: encrypt.c:(.text+0x...): undefined reference to `barrett_4q2'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(encrypt.o): in function `crypto_encrypt_open':
try.c: encrypt.c:(.text+0x...): undefined reference to `barrett_4q2'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(fastrandombytes.o): in function `fastrandombytes':
try.c: fastrandombytes.c:(.text+0x...): undefined reference to `load_32'
try.c: /usr/bin/ld: fastrandombytes.c:(.text+0x...): undefined reference to `store_32'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(ntt.o): in function `ntt_core':
try.c: ntt.c:(.text+0x...): undefined reference to `barrett_2q2'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(ntt.o): in function `ntt_butterfly_1280_2048':
try.c: ntt.c:(.text+0x...): undefined reference to `barrett_16q'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(ntt.o): in function `intt_core':
try.c: ntt.c:(.text+0x...): undefined reference to `barrett_2q2'
try.c: /usr/bin/ld: ntt.c:(.text+0x...): undefined reference to `barrett_2q2'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(ntt.o): in function `ntt_butterfly_2048_768':
try.c: ntt.c:(.text+0x...): undefined reference to `barrett_16q'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(ntt.o): in function `ntt_butterfly_512_1792':
try.c: ntt.c:(.text+0x...): undefined reference to `barrett_4q'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(ntt.o): in function `ntt_butterfly_1280_1792':
try.c: ntt.c:(.text+0x...): undefined reference to `barrett_16q'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(ntt.o): in function `ntt_butterfly_1792_1792_inv':
try.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt

Compiler output

Implementation: T:opt
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE

try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(encrypt.o): in function `crypto_encrypt_keypair':
try.c: encrypt.c:(.text+0x...): undefined reference to `barrett_4q2'
try.c: /usr/bin/ld: encrypt.c:(.text+0x...): undefined reference to `barrett_4q'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(encrypt.o): in function `crypto_encrypt':
try.c: encrypt.c:(.text+0x...): undefined reference to `barrett_4q2'
try.c: /usr/bin/ld: encrypt.c:(.text+0x...): undefined reference to `barrett_4q2'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(encrypt.o): in function `crypto_encrypt_open':
try.c: encrypt.c:(.text+0x...): undefined reference to `barrett_4q2'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(fastrandombytes.o): in function `fastrandombytes':
try.c: fastrandombytes.c:(.text+0x...): undefined reference to `load_32'
try.c: /usr/bin/ld: fastrandombytes.c:(.text+0x...): undefined reference to `store_32'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(ntt.o): in function `ntt_butterfly_1280_2048':
try.c: ntt.c:(.text+0x...): undefined reference to `barrett_16q'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(ntt.o): in function `ntt_butterfly_2048_768':
try.c: ntt.c:(.text+0x...): undefined reference to `barrett_16q'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(ntt.o): in function `ntt_butterfly_512_1792':
try.c: ntt.c:(.text+0x...): undefined reference to `barrett_4q'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(ntt.o): in function `ntt_butterfly_1280_1792':
try.c: ntt.c:(.text+0x...): undefined reference to `barrett_16q'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(ntt.o): in function `ntt_butterfly_1792_1792_inv':
try.c: ntt.c:(.text+0x...): undefined reference to `barrett_16q'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(ntt.o): in function `ntt_butterfly_768_768_inv':
try.c: ntt.c:(.text+0x...): undefined reference to `barrett_8q'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(ntt.o): in function `ntt_butterfly_512_768':
try.c: ntt.c:(.text+0x...): undefined reference to `barrett_4q'
try.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:opt

Compiler output

Implementation: T:ref
Security model: timingleaks
Compiler: clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(fastrandombytes.o): in function `fastrandombytes':
try.c: fastrandombytes.c:(.text+0x...): undefined reference to `load_32'
try.c: /usr/bin/ld: fastrandombytes.c:(.text+0x...): undefined reference to `store_32'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(pack.o): in function `poly_encode_c2':
try.c: pack.c:(.text+0x...): undefined reference to `store_8'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(pack.o): in function `poly_decode_c2':
try.c: pack.c:(.text+0x...): undefined reference to `load_8'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(sampler.o): in function `sampler_zb':
try.c: sampler.c:(.text+0x...): undefined reference to `load_8'
try.c: /usr/bin/ld: sampler.c:(.text+0x...): undefined reference to `load_8'
try.c: /usr/bin/ld: sampler.c:(.text+0x...): undefined reference to `load_8'
try.c: /usr/bin/ld: sampler.c:(.text+0x...): undefined reference to `load_8'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(sampler.o): in function `sampler_zq':
try.c: sampler.c:(.text+0x...): undefined reference to `load_24'
try.c: /usr/bin/ld: libcrypto_kem_titaniumccamed.a(sampler.o): in function `sampler_binomial':
try.c: sampler.c:(.text+0x...): undefined reference to `load_8'
try.c: clang: error: linker command failed with exit code 1 (use -v to see invocation)

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:ref

Compiler output

Implementation: T:ref
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:ref