Implementation notes: amd64, wooden, crypto_aead/deoxysi256v141

Computer: wooden
Microarchitecture: amd64; Goldmont (506c9)
Architecture: amd64
CPU ID: GenuineIntel-000506c9-1fc9cbf5
SUPERCOP version: 20240107
Operation: crypto_aead
Primitive: deoxysi256v141

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
16148	36655 0 0	53025 784 856	`T:aesni`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
16238	36591 0 0	50657 784 856	`T:aesni`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
16314	37267 0 0	50941 752 928	`T:aesni`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
16320	39724 0 0	54885 752 928	`T:aesni`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
16370	30946 0 0	43376 728 896	`T:aesni`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
16660	35670 0 0	48767 776 856	`T:aesni`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
16672	37340 0 0	51365 752 928	`T:aesni`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
16680	35529 0 0	48063 776 856	`T:aesni`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
19210	160469 0 0	172839 776 856	`T:aesnis`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
19240	160710 0 0	177273 784 856	`T:aesnis`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
19250	160701 0 0	174953 784 856	`T:aesnis`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
19904	160461 0 0	173399 776 856	`T:aesnis`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
21402	146265 0 0	158704 728 896	`T:aesnis`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
21976	162875 0 0	176589 752 928	`T:aesnis`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
22108	165444 0 0	179509 752 928	`T:aesnis`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
22148	165219 0 0	180453 752 928	`T:aesnis`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
116512	106753 0 547	122857 784 1416	`T:bitslice`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
116656	106753 0 547	120553 784 1416	`T:bitslice`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
129292	129297 0 592	144509 752 1520	`T:bitslice`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
135110	106918 0 547	118783 776 1416	`T:bitslice`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
140034	107484 0 547	120063 776 1416	`T:bitslice`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
146854	111065 0 592	125133 752 1520	`T:bitslice`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
149562	97683 0 592	110128 728 1488	`T:bitslice`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
158744	182258 0 592	195973 752 1520	`T:bitslice`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
186992	34080 0 547	47071 776 1416	`T:table`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
207856	32813 0 592	45296 728 1488	`T:table`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
210626	36835 0 592	52077 752 1520	`T:table`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
212910	34362 0 592	48133 752 1520	`T:table`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
216268	35350 0 592	49437 752 1520	`T:table`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
248024	35054 0 547	50929 784 1416	`T:table`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
253440	34579 0 547	49441 784 1416	`T:table`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
253478	34611 0 547	51777 784 1416	`T:table`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
274134	33363 0 547	46967 776 1416	`T:table`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
1168038	24222 0 0	39105 784 856	`T:ref`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
1583756	28979 0 0	44213 752 928	`T:ref`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
1592426	26714 0 0	42625 784 856	`T:ref`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
1657522	26286 0 0	43489 784 856	`T:ref`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
4076196	25327 0 0	39413 752 928	`T:ref`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
4334726	24096 0 0	37095 776 856	`T:ref`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
5199534	22836 0 0	36447 776 856	`T:ref`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231221	20231215
5573728	22390 0 0	34872 728 896	`T:ref`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215
5624380	23840 0 0	37597 752 928	`T:ref`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231221	20231215

Compiler output

Implementation: T:aesni
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

deoxys.c: deoxys.c:105:11: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: tmp = permute( tmp, H_PERMUTATION );
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:112:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: TWEAKEY_SCHEDULE3( tsubkeys1,tsubkeys2,subkeys, key);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:40:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( subkeys1[ 0], subkeys1[ 1], subkeys2[ 0], subkeys2[ 1] ); ts[ 1] = xor( xor(subkeys1[ 1],subkeys2[ 1]), RCONS[ 1] ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:33:16: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key1 = permute( new_key1, H_PERMUTATION);\
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:112:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:40:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( subkeys1[ 0], subkeys1[ 1], subkeys2[ 0], subkeys2[ 1] ); ts[ 1] = xor( xor(subkeys1[ 1],subkeys2[ 1]), RCONS[ 1] ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:34:16: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key2 = permute( new_key2, H_PERMUTATION);
deoxys.c: ^
deoxys.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:aesni

Compiler output

Implementation: T:aesnis
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

deoxys.c: deoxys.c:90:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: TWEAKEY_SCHEDULE3(subkeys, key, tmp,tmp2,tmp3,tmp4);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:40:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( tmp1, tmp2, tmp3, tmp4 ); subkeys[ 1] = xor( xor(tmp2,tmp4), RCONST( 1) ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:33:16: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key1 = permute( new_key1, H_PERMUTATION);\
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:90:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:40:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( tmp1, tmp2, tmp3, tmp4 ); subkeys[ 1] = xor( xor(tmp2,tmp4), RCONST( 1) ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:34:16: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key2 = permute( new_key2, H_PERMUTATION);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:90:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:41:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( tmp2, tmp1, tmp4, tmp3 ); subkeys[ 2] = xor( xor(tmp1,tmp3), RCONST( 2) ); \
deoxys.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:aesnis

Compiler output

Implementation: T:bitslice
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

deoxys256.c: deoxys256.c:179:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt_8' that is compiled without support for 'ssse3'
deoxys256.c: KEY_SCHEDULE(key, subkey);
deoxys256.c: ^
deoxys256.c: ./deoxysi256.macros:79:5: note: expanded from macro 'KEY_SCHEDULE'
deoxys256.c: packing(subkey1[0]);\
deoxys256.c: ^
deoxys256.c: ./deoxysi256.macros:457:14: note: expanded from macro 'packing'
deoxys256.c: (x)[0] = shuffle_pack((x)[0]);\
deoxys256.c: ^
deoxys256.c: ./deoxysi256.macros:32:25: note: expanded from macro 'shuffle_pack'
deoxys256.c: #define shuffle_pack(a) permute(a, SET8(15,11,7,3,14,10,6,2,13,9,5,1,12,8,4,0) )
deoxys256.c: ^
deoxys256.c: ./deoxysi256.macros:31:25: note: expanded from macro 'permute'
deoxys256.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys256.c: ^
deoxys256.c: deoxys256.c:179:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt_8' that is compiled without support for 'ssse3'
deoxys256.c: ./deoxysi256.macros:79:5: note: expanded from macro 'KEY_SCHEDULE'
deoxys256.c: packing(subkey1[0]);\
deoxys256.c: ^
deoxys256.c: ./deoxysi256.macros:458:14: note: expanded from macro 'packing'
deoxys256.c: (x)[1] = shuffle_pack((x)[1]);\
deoxys256.c: ^
deoxys256.c: ./deoxysi256.macros:32:25: note: expanded from macro 'shuffle_pack'
deoxys256.c: #define shuffle_pack(a) permute(a, SET8(15,11,7,3,14,10,6,2,13,9,5,1,12,8,4,0) )
deoxys256.c: ^
deoxys256.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:bitslice