Implementation notes: amd64, speed2supercop, crypto_kem/kyber1024

Computer: speed2supercop
Microarchitecture: amd64; Haswell+AES (306c3)
Architecture: amd64
CPU ID: GenuineIntel-000306c3-1fc9cbf5
SUPERCOP version: 20240625
Operation: crypto_kem
Primitive: kyber1024

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
153148	141500 0 0	163109 800 1568	`avx2`	`clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
153572	153583 0 0	174501 760 1600	`avx2`	`gcc_-march=native_-mtune=native_-O3_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
159276	131923 0 0	149637 800 1568	`avx2`	`clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
159408	128478 0 0	147453 760 1600	`avx2`	`gcc_-march=native_-mtune=native_-O2_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
160076	145040 0 0	166829 800 1568	`avx2`	`clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
160512	126848 0 0	145367 792 1632	`avx2`	`clang_-march=native_-Os_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
162732	125487 0 0	144141 760 1600	`avx2`	`gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
164520	125198 0 0	142709 752 1568	`avx2`	`gcc_-march=native_-mtune=native_-Os_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
604832	92847 0 0	122069 800 1568	`compact`	`clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
627760	51577 0 0	81197 760 1600	`compact`	`gcc_-march=native_-mtune=native_-O3_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
646872	41455 0 0	71637 800 1568	`compact`	`clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
709212	51291 0 0	72109 800 1568	`ref`	`clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
709868	46783 0 0	76174 800 1568	`compact`	`clang_-mcpu=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
712920	45917 0 0	66013 800 1568	`ref`	`clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
743152	7695 0 0	35373 760 1600	`compact`	`gcc_-march=native_-mtune=native_-O2_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
745880	36345 0 0	57022 800 1568	`ref`	`clang_-mcpu=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
748592	12850 0 0	31775 792 1632	`ref`	`clang_-march=native_-Os_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
758192	8778 0 0	35886 800 1568	`compact`	`clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
758228	44142 0 0	65005 760 1600	`ref`	`gcc_-march=native_-mtune=native_-O3_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
764604	6846 0 0	34831 792 1632	`compact`	`clang_-march=native_-Os_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
796964	14989 0 0	33262 800 1568	`ref`	`clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
806932	14356 0 0	33213 760 1600	`ref`	`gcc_-march=native_-mtune=native_-O2_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
874384	12404 0 0	30925 760 1600	`ref`	`gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
910480	11422 0 0	28821 752 1568	`ref`	`gcc_-march=native_-mtune=native_-Os_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
955412	6190 0 0	33669 760 1600	`compact`	`gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625
1219804	5059 0 0	31437 752 1568	`compact`	`gcc_-march=native_-mtune=native_-Os_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240711	20240625

Compiler output

KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:146:9: error: always_inline function '_mm256_loadu_si256' requires target feature 'avx', but would be inlined into function 'crypto_kem_kyber1024_avx2_constbranchindex_KeccakP1600times4_AddLanesAll' that is compiled without support for 'avx'
KeccakP-1600-times4-SIMD256.c:         Xor_In4( 0 );
KeccakP-1600-times4-SIMD256.c:         ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:135:42: note: expanded from macro 'Xor_In4'
KeccakP-1600-times4-SIMD256.c:     #define Xor_In4( argIndex ) lanes0 = LOAD256u( curData0[argIndex]),\
KeccakP-1600-times4-SIMD256.c:                                          ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:44:37: note: expanded from macro 'LOAD256u'
KeccakP-1600-times4-SIMD256.c:     #define LOAD256u(a)             _mm256_loadu_si256((const V256 *)&(a))
KeccakP-1600-times4-SIMD256.c:                                     ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:146:9: error: AVX vector return of type '__m256i' (vector of 4 'long long' values) without 'avx' enabled changes the ABI
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:135:42: note: expanded from macro 'Xor_In4'
KeccakP-1600-times4-SIMD256.c:     #define Xor_In4( argIndex ) lanes0 = LOAD256u( curData0[argIndex]),\
KeccakP-1600-times4-SIMD256.c:                                          ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:44:37: note: expanded from macro 'LOAD256u'
KeccakP-1600-times4-SIMD256.c:     #define LOAD256u(a)             _mm256_loadu_si256((const V256 *)&(a))
KeccakP-1600-times4-SIMD256.c:                                     ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:146:9: error: always_inline function '_mm256_loadu_si256' requires target feature 'avx', but would be inlined into function 'crypto_kem_kyber1024_avx2_constbranchindex_KeccakP1600times4_AddLanesAll' that is compiled without support for 'avx'
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:136:42: note: expanded from macro 'Xor_In4'
KeccakP-1600-times4-SIMD256.c:                                 lanes1 = LOAD256u( curData1[argIndex]),\
KeccakP-1600-times4-SIMD256.c:                                          ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:44:37: note: expanded from macro 'LOAD256u'
KeccakP-1600-times4-SIMD256.c:     #define LOAD256u(a)             _mm256_loadu_si256((const V256 *)&(a))
KeccakP-1600-times4-SIMD256.c:                                     ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:146:9: error: AVX vector return of type '__m256i' (vector of 4 'long long' values) without 'avx' enabled changes the ABI
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:136:42: note: expanded from macro 'Xor_In4'
KeccakP-1600-times4-SIMD256.c: ...

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`avx2`	`clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`

Compiler output

kem.c: kem.c:24:32: warning: argument 1 of type 'uint8_t[1568]' {aka 'unsigned char[1568]'} with mismatched bound [-Warray-parameter=]
kem.c:    24 | int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
kem.c:       |                        ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~
kem.c: In file included from kem.c:5:
kem.c: kem.h:33:33: note: previously declared as 'uint8_t *' {aka 'unsigned char *'}
kem.c:    33 | int crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
kem.c:       |                        ~~~~~~~~~^~
kem.c: kem.c:25:32: warning: argument 2 of type 'uint8_t[3168]' {aka 'unsigned char[3168]'} with mismatched bound [-Warray-parameter=]
kem.c:    25 |                        uint8_t sk[KYBER_SECRETKEYBYTES])
kem.c:       |                        ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~
kem.c: kem.h:33:46: note: previously declared as 'uint8_t *' {aka 'unsigned char *'}
kem.c:    33 | int crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
kem.c:       |                                     ~~~~~~~~~^~
kem.c: kem.c:50:28: warning: argument 1 of type 'uint8_t[1568]' {aka 'unsigned char[1568]'} with mismatched bound [-Warray-parameter=]
kem.c:    50 | int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
kem.c:       |                    ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~
kem.c: kem.h:36:29: note: previously declared as 'uint8_t *' {aka 'unsigned char *'}
kem.c:    36 | int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
kem.c:       |                    ~~~~~~~~~^~
kem.c: kem.c:51:28: warning: argument 2 of type 'uint8_t[32]' {aka 'unsigned char[32]'} with mismatched bound [-Warray-parameter=]
kem.c:    51 |                    uint8_t ss[KYBER_SSBYTES],
kem.c:       |                    ~~~~~~~~^~~~~~~~~~~~~~~~~
kem.c: kem.h:36:42: note: previously declared as 'uint8_t *' {aka 'unsigned char *'}
kem.c:    36 | int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
kem.c:       |                                 ~~~~~~~~~^~
kem.c: ...
poly.c: poly.c:407:42: warning: argument 5 of type 'const uint8_t[32]' {aka 'const unsigned char[32]'} with mismatched bound [-Warray-parameter=]
poly.c:   407 |                            const uint8_t seed[32],
poly.c:       |                            ~~~~~~~~~~~~~~^~~~~~~~
poly.c: In file included from poly.c:6:
poly.c: poly.h:37:43: note: previously declared as 'const uint8_t *' {aka 'const unsigned char *'}
poly.c:    37 |                            const uint8_t *seed,
poly.c:       |                            ~~~~~~~~~~~~~~~^~~~

Number of similar (implementation,compiler) pairs: 4, namely:

Implementation	Compiler
`avx2`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`avx2`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`avx2`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`avx2`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`

Compiler output

kem.c: kem.c:23:32: warning: argument 1 of type 'uint8_t[1568]' {aka 'unsigned char[1568]'} with mismatched bound [-Warray-parameter=]
kem.c:    23 | int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
kem.c:       |                        ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~
kem.c: In file included from kem.c:4:
kem.c: kem.h:33:33: note: previously declared as 'uint8_t *' {aka 'unsigned char *'}
kem.c:    33 | int crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
kem.c:       |                        ~~~~~~~~~^~
kem.c: kem.c:24:32: warning: argument 2 of type 'uint8_t[3168]' {aka 'unsigned char[3168]'} with mismatched bound [-Warray-parameter=]
kem.c:    24 |                        uint8_t sk[KYBER_SECRETKEYBYTES])
kem.c:       |                        ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~
kem.c: kem.h:33:46: note: previously declared as 'uint8_t *' {aka 'unsigned char *'}
kem.c:    33 | int crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
kem.c:       |                                     ~~~~~~~~~^~
kem.c: kem.c:51:28: warning: argument 1 of type 'uint8_t[1568]' {aka 'unsigned char[1568]'} with mismatched bound [-Warray-parameter=]
kem.c:    51 | int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
kem.c:       |                    ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~
kem.c: kem.h:36:29: note: previously declared as 'uint8_t *' {aka 'unsigned char *'}
kem.c:    36 | int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
kem.c:       |                    ~~~~~~~~~^~
kem.c: kem.c:52:28: warning: argument 2 of type 'uint8_t[32]' {aka 'unsigned char[32]'} with mismatched bound [-Warray-parameter=]
kem.c:    52 |                    uint8_t ss[KYBER_SSBYTES],
kem.c:       |                    ~~~~~~~~^~~~~~~~~~~~~~~~~
kem.c: kem.h:36:42: note: previously declared as 'uint8_t *' {aka 'unsigned char *'}
kem.c:    36 | int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
kem.c:       |                                 ~~~~~~~~~^~
kem.c: ...

Number of similar (implementation,compiler) pairs: 4, namely:

Implementation	Compiler
`ref`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`ref`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`ref`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`ref`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`

Passed TIMECOP

TIMECOP iterations: 1

Number of similar (implementation,compiler) pairs: 26, namely:

Implementation	Compiler
`avx2`	`clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`avx2`	`clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`avx2`	`clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`avx2`	`clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`avx2`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`avx2`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`avx2`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`avx2`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`compact`	`clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`compact`	`clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`compact`	`clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`compact`	`clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`compact`	`clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`compact`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`compact`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`compact`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`compact`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`ref`	`clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`ref`	`clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`ref`	`clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`ref`	`clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`ref`	`clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`ref`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`ref`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`ref`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`ref`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`