Implementation notes: amd64, samba, crypto_aead/romulusm

Computer: samba
Microarchitecture: amd64; Skylake (506e3)
Architecture: amd64
CPU ID: GenuineIntel-000506e3-bfebfbff
SUPERCOP version: 20221122
Operation: crypto_aead
Primitive: romulusm

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
266244	11410 0 0	25347 780 1040	`aadomn/x86`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221006	20221005
269435	13580 0 0	30469 804 1040	`aadomn/x86`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221006	20221005
269458	10646 0 0	24127 796 1008	`aadomn/x86`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221006	20221005
269500	13244 0 0	30229 804 1040	`aadomn/x86`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221006	20221005
272272	13244 0 0	30229 804 1040	`aadomn/x86`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221006	20221005
273708	12145 0 0	27183 796 1072	`aadomn/x86`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221006	20221005
274106	13589 0 0	31328 804 1072	`aadomn/x86`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221006	20221005
274474	11751 0 0	26759 796 1072	`aadomn/x86`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221006	20221005
1005258	28396 640 0	45229 1452 1040	`aadomn/opt32`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221006	20221005
1009091	28588 640 0	45325 1452 1040	`aadomn/opt32`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221006	20221005
1018799	28396 640 0	45229 1452 1040	`aadomn/opt32`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221006	20221005
1031720	28603 640 0	44133 1452 1008	`aadomn/opt32`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221006	20221005
1285323	18418 640 0	31935 1444 1008	`aadomn/opt32`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221006	20221005
1487497	20474 640 0	35704 1452 1072	`aadomn/opt32`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221006	20221005
1554741	21866 640 0	37120 1452 1072	`aadomn/opt32`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221006	20221005
1555655	19760 640 0	33795 1428 1040	`aadomn/opt32`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221006	20221005
1665183	33611 640 0	51520 1452 1072	`aadomn/opt32`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221006	20221005
1949092	19182 12 0	35861 816 1040	`T:ref`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221006	20221005
2042271	17147 12 0	33069 816 1008	`T:ref`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221006	20221005
2205766	17494 12 0	34165 816 1040	`T:ref`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221006	20221005
2216639	17494 12 0	34165 816 1040	`T:ref`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221006	20221005
2428103	24488 12 0	42336 816 1072	`T:ref`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221006	20221005
5625036	6400 12 0	20007 808 1008	`T:ref`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20221006	20221005
6982120	6737 12 0	21823 808 1072	`T:ref`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221006	20221005
7120141	8322 12 0	23455 808 1072	`T:ref`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221006	20221005
7926187	6183 12 0	20211 792 1040	`T:ref`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20221006	20221005

Test failure

Implementation: T:fixslice_opt32
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

error 111
crypto_aead_decrypt returns nonzero

Number of similar (compiler,implementation) pairs: 9, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:fixslice_opt32
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:fixslice_opt32
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:fixslice_opt32
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:fixslice_opt32
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:fixslice_opt32
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:fixslice_opt32
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:fixslice_opt32
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:fixslice_opt32
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:fixslice_opt32

Test failure

Implementation: T:opt32t
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

error 111
crypto_aead_decrypt allows trivial forgeries

Number of similar (compiler,implementation) pairs: 9, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt32t
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt32t
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt32t
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt32t
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt32t
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:opt32t
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:opt32t
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:opt32t
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:opt32t

Compiler output

Implementation: aadomn/x86
Security model: constbranchindex
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

skinny128.c: skinny128.c:115:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c: DOUBLE_ROUND(rtk_23);
skinny128.c: ^
skinny128.c: skinny128.c:78:5: note: expanded from macro 'DOUBLE_ROUND'
skinny128.c: SBOX_ARK_EVEN(rtk_23); \
skinny128.c: ^
skinny128.c: skinny128.c:23:13: note: expanded from macro 'SBOX_ARK_EVEN'
skinny128.c: state = _mm_shuffle_epi8(s1, state); /* apply inner S-box S1 */ \
skinny128.c: ^
skinny128.c: skinny128.c:115:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c: skinny128.c:78:5: note: expanded from macro 'DOUBLE_ROUND'
skinny128.c: SBOX_ARK_EVEN(rtk_23); \
skinny128.c: ^
skinny128.c: skinny128.c:24:13: note: expanded from macro 'SBOX_ARK_EVEN'
skinny128.c: tmp0 = _mm_shuffle_epi8(s0, tmp0); /* apply inner S-box S0 */ \
skinny128.c: ^
skinny128.c: skinny128.c:115:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c: skinny128.c:78:5: note: expanded from macro 'DOUBLE_ROUND'
skinny128.c: SBOX_ARK_EVEN(rtk_23); \
skinny128.c: ^
skinny128.c: skinny128.c:32:13: note: expanded from macro 'SBOX_ARK_EVEN'
skinny128.c: tmp0 = _mm_shuffle_epi8(s3, tmp0); /* apply inner S-box S3 */ \
skinny128.c: ^
skinny128.c: skinny128.c:115:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c: skinny128.c:78:5: note: expanded from macro 'DOUBLE_ROUND'
skinny128.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/x86

Namespace violations

Implementation: aadomn/opt32
Security model: constbranchindex
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

romulus_m.o romulusm_generate_tag T
romulus_m.o romulusm_init T
romulus_m.o romulusm_process_ad T
romulus_m.o romulusm_process_msg T
romulus_m.o romulusm_verify_tag T
romulus_m.o zeroize T
skinny128.o mixcolumns_0 T
skinny128.o mixcolumns_1 T
skinny128.o mixcolumns_2 T
skinny128.o mixcolumns_3 T
skinny128.o skinny128_384_plus T
tk_schedule.o lfsr2_bs T
tk_schedule.o lfsr3_bs T
tk_schedule.o packing T
tk_schedule.o permute_tk T
tk_schedule.o permute_tk_10 T
tk_schedule.o permute_tk_12 T
tk_schedule.o permute_tk_14 T
tk_schedule.o permute_tk_2 T
tk_schedule.o permute_tk_4 T
tk_schedule.o permute_tk_6 T
tk_schedule.o permute_tk_8 T
tk_schedule.o precompute_lfsr_tk2 T
tk_schedule.o precompute_lfsr_tk3 T
tk_schedule.o rconst_32_bs D
tk_schedule.o tk_schedule_1 T
tk_schedule.o tk_schedule_123 T
tk_schedule.o tk_schedule_13 T
tk_schedule.o tk_schedule_23 T
tk_schedule.o unpacking T

Number of similar (compiler,implementation) pairs: 9, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/opt32
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/opt32
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/opt32
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/opt32
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/opt32
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/opt32
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/opt32
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/opt32
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/opt32

Namespace violations

Implementation: aadomn/x86
Security model: constbranchindex
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

Number of similar (compiler,implementation) pairs: 8, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/x86
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/x86
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/x86
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	aadomn/x86
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/x86
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/x86
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/x86
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	aadomn/x86

Namespace violations

Implementation: T:ref
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

romulus_m_reference.o ad2msg_encryption T
romulus_m_reference.o ad_encryption T
romulus_m_reference.o block_cipher T
romulus_m_reference.o compose_tweakey T
romulus_m_reference.o g8A T
romulus_m_reference.o generate_tag T
romulus_m_reference.o irho T
romulus_m_reference.o lfsr_gf56 T
romulus_m_reference.o msg_decryption T
romulus_m_reference.o msg_encryption T
romulus_m_reference.o nonce_encryption T
romulus_m_reference.o pad T
romulus_m_reference.o reset_lfsr_gf56 T
romulus_m_reference.o rho T
romulus_m_reference.o rho_ad T
romulus_m_reference.o romulus_m_decrypt T
romulus_m_reference.o romulus_m_encrypt T
skinny_reference.o AddConstants T
skinny_reference.o AddKey T
skinny_reference.o BLOCK_SIZE D
skinny_reference.o MixColumn T
skinny_reference.o N_RNDS D
skinny_reference.o P R
skinny_reference.o RC R
skinny_reference.o ShiftRows T
skinny_reference.o SubCell8 T
skinny_reference.o TWEAKEY_P R
skinny_reference.o TWEAKEY_SIZE D
skinny_reference.o enc T
skinny_reference.o sbox_8 R
skinny_reference.o skinny_128_384_plus_enc T

Number of similar (compiler,implementation) pairs: 9, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:ref
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:ref
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:ref
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:ref
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:ref
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:ref
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:ref
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:ref
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:ref