Implementation notes: aarch64, pi3aplus, crypto_sign/picnic2l5fs

Computer: pi3aplus
Microarchitecture: aarch64; Cortex-A53 (410fd034)
Architecture: aarch64
CPU ID: 410fd034
SUPERCOP version: 20240107
Operation: crypto_sign
Primitive: picnic2l5fs

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
11053014724	179346 1936 10	218652 2872 1592	`T:optimizedct/neon`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231225	20231212
11062423553	188466 1936 10	228900 2872 1608	`T:optimizedct/neon`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231225	20231212
11265024848	178679 2008 10	216473 2856 1592	`T:optimizedct/c`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231225	20231212
11382113060	178538 1936 10	218700 2872 1608	`T:optimizedct/c`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231225	20231212
11510294410	171986 1936 10	211004 2872 1592	`T:optimizedct/c`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231225	20231212
11990963562	173541 1936 10	211884 2856 1576	`T:optimizedct/neon`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231225	20231212
12804186490	180098 1936 10	219420 2872 1592	`T:optimizedct/neon`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231225	20231212
12988764570	166661 1936 10	204748 2856 1576	`T:optimizedct/c`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231225	20231212

Test failure

Implementation: T:optimizedct/c
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE

error 142
Alarm clock

Number of similar (compiler,implementation) pairs: 6, namely:

Compiler	Implementations
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:optimizedct/c
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:ref
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:ref
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:ref
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:ref
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:ref

Compiler output

Implementation: T:optimizedct/neon
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

picnic2_simulate_mul.c: picnic2_simulate_mul.c:295:57: error: argument to '__builtin_neon_vshrq_n_v' must be a constant integer
picnic2_simulate_mul.c: out128[i1 / 2] = mm128_xor(mm128_and(t1, mask), mm128_sr_u64(mm128_and(t2, mask), width));
picnic2_simulate_mul.c: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
picnic2_simulate_mul.c: ./simd.h:109:28: note: expanded from macro 'mm128_sr_u64'
picnic2_simulate_mul.c: #define mm128_sr_u64(x, s) vshrq_n_u64((x), (s))
picnic2_simulate_mul.c: ^
picnic2_simulate_mul.c: /usr/lib/llvm-7/lib/clang/7.0.1/include/arm_neon.h:25337:24: note: expanded from macro 'vshrq_n_u64'
picnic2_simulate_mul.c: __ret = (uint64x2_t) __builtin_neon_vshrq_n_v((int8x16_t)__s0, __p1, 51); \
picnic2_simulate_mul.c: ^
picnic2_simulate_mul.c: ./simd.h:103:41: note: expanded from macro 'mm128_xor'
picnic2_simulate_mul.c: #define mm128_xor(l, r) veorq_u64((l), (r))
picnic2_simulate_mul.c: ^
picnic2_simulate_mul.c: picnic2_simulate_mul.c:296:58: error: argument to '__builtin_neon_vshlq_n_v' must be a constant integer
picnic2_simulate_mul.c: out128[i2 / 2] = mm128_xor(mm128_nand(mask, t2), mm128_sl_u64(mm128_nand(mask, t1), width));
picnic2_simulate_mul.c: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
picnic2_simulate_mul.c: ./simd.h:108:28: note: expanded from macro 'mm128_sl_u64'
picnic2_simulate_mul.c: #define mm128_sl_u64(x, s) vshlq_n_u64((x), (s))
picnic2_simulate_mul.c: ^
picnic2_simulate_mul.c: /usr/lib/llvm-7/lib/clang/7.0.1/include/arm_neon.h:24909:24: note: expanded from macro 'vshlq_n_u64'
picnic2_simulate_mul.c: __ret = (uint64x2_t) __builtin_neon_vshlq_n_v((int8x16_t)__s0, __p1, 51); \
picnic2_simulate_mul.c: ^
picnic2_simulate_mul.c: ./simd.h:103:41: note: expanded from macro 'mm128_xor'
picnic2_simulate_mul.c: #define mm128_xor(l, r) veorq_u64((l), (r))
picnic2_simulate_mul.c: ^
picnic2_simulate_mul.c: 2 errors generated.

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:optimizedct/neon

Namespace violations

Implementation: T:optimizedct/c
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

io.o mzd_from_char_array T
io.o mzd_to_char_array T
lowmc.o lowmc_compute_aux_get_implementation T
lowmc.o lowmc_get_implementation T
lowmc_256_256_38.o lowmc_256_256_38 D
mzd_additional.o mzd_addmul_v_uint64_128 T
mzd_additional.o mzd_addmul_v_uint64_192 T
mzd_additional.o mzd_addmul_v_uint64_256 T
mzd_additional.o mzd_addmul_v_uint64_30_128 T
mzd_additional.o mzd_addmul_v_uint64_30_192 T
mzd_additional.o mzd_addmul_v_uint64_30_256 T
mzd_additional.o mzd_copy_uint64_128 T
mzd_additional.o mzd_copy_uint64_192 T
mzd_additional.o mzd_copy_uint64_256 T
mzd_additional.o mzd_local_free T
mzd_additional.o mzd_local_free_multiple T
mzd_additional.o mzd_local_init_ex T
mzd_additional.o mzd_local_init_multiple_ex T
mzd_additional.o mzd_mul_v_parity_uint64_128_30 T
mzd_additional.o mzd_mul_v_parity_uint64_192_30 T
mzd_additional.o mzd_mul_v_parity_uint64_256_30 T
mzd_additional.o mzd_mul_v_uint64_128 T
mzd_additional.o mzd_mul_v_uint64_128_640 T
mzd_additional.o mzd_mul_v_uint64_192 T
mzd_additional.o mzd_mul_v_uint64_192_960 T
mzd_additional.o mzd_mul_v_uint64_256 T
mzd_additional.o mzd_mul_v_uint64_256_1216 T
mzd_additional.o mzd_shuffle_128_30 T
mzd_additional.o mzd_shuffle_192_30 T
mzd_additional.o mzd_shuffle_256_30 T
mzd_additional.o mzd_xor_uint64_1216 T
mzd_additional.o mzd_xor_uint64_128 T
mzd_additional.o mzd_xor_uint64_192 T
mzd_additional.o mzd_xor_uint64_256 T
mzd_additional.o mzd_xor_uint64_640 T
mzd_additional.o mzd_xor_uint64_960 T
picnic.o picnic_get_lowmc_block_size T
picnic.o picnic_get_param_name T
picnic.o picnic_get_private_key_size T
picnic.o picnic_get_public_key_size T
picnic.o picnic_keygen T
picnic.o picnic_read_private_key T
picnic.o picnic_read_public_key T
picnic.o picnic_sign T
picnic.o picnic_signature_size T
picnic.o picnic_sk_to_pk T
picnic.o picnic_validate_keypair T
picnic.o picnic_verify T
picnic.o picnic_write_private_key T
picnic.o picnic_write_public_key T
picnic2_impl.o impl_sign_picnic2 T
picnic2_impl.o impl_verify_picnic2 T
picnic2_impl.o sbox_layer_10_uint64_aux T
picnic2_impl.o sign_picnic2 T
picnic2_impl.o verify_picnic2 T
picnic2_simulate.o lowmc_simulate_online_get_implementation T
picnic2_simulate_mul.o copyShares T
picnic2_simulate_mul.o getBit T
picnic2_simulate_mul.o mpc_matrix_addmul_r_uint64_128 T
picnic2_simulate_mul.o mpc_matrix_addmul_r_uint64_192 T
picnic2_simulate_mul.o mpc_matrix_addmul_r_uint64_256 T
picnic2_simulate_mul.o mpc_matrix_mul_nl_part_uint64_128 T
picnic2_simulate_mul.o mpc_matrix_mul_nl_part_uint64_192 T
picnic2_simulate_mul.o mpc_matrix_mul_nl_part_uint64_256 T
picnic2_simulate_mul.o mpc_matrix_mul_uint64_128 T
picnic2_simulate_mul.o mpc_matrix_mul_uint64_192 T
picnic2_simulate_mul.o mpc_matrix_mul_uint64_256 T
picnic2_simulate_mul.o mpc_matrix_mul_z_uint64_128 T
picnic2_simulate_mul.o mpc_matrix_mul_z_uint64_192 T
picnic2_simulate_mul.o mpc_matrix_mul_z_uint64_256 T
picnic2_simulate_mul.o reconstructShares T
picnic2_simulate_mul.o setBit T
picnic2_simulate_mul.o tapesToParityOfWord T
picnic2_simulate_mul.o tapesToWord T
picnic2_simulate_mul.o transpose_64_64 T
picnic2_simulate_mul.o xor_word_array T
picnic2_tree.o addMerkleNodes T
picnic2_tree.o buildMerkleTree T
picnic2_tree.o createTree T
picnic2_tree.o freeTree T
picnic2_tree.o generateSeeds T
picnic2_tree.o getLeaf T
picnic2_tree.o getLeaves T
picnic2_tree.o openMerkleTree T
picnic2_tree.o openMerkleTreeSize T
picnic2_tree.o reconstructSeeds T
picnic2_tree.o revealSeeds T
picnic2_tree.o revealSeedsSize T
picnic2_tree.o verifyMerkleTree T
picnic2_types.o allocateCommitments2 T
picnic2_types.o allocateInputs T
picnic2_types.o allocateMsgs T
picnic2_types.o allocateMsgsVerify T
picnic2_types.o allocateProof2 T
picnic2_types.o allocateRandomTape T
picnic2_types.o allocateShares T
picnic2_types.o allocateSignature2 T
picnic2_types.o finalFreeRandomTape T
picnic2_types.o freeCommitments2 T
picnic2_types.o freeInputs T
picnic2_types.o freeMsgs T
picnic2_types.o freeProof2 T
picnic2_types.o freeRandomTape T
picnic2_types.o freeShares T
picnic2_types.o freeSignature2 T
picnic2_types.o partialFreeRandomTape T
picnic_instances.o HASH_PREFIX_0 R
picnic_instances.o HASH_PREFIX_1 R
picnic_instances.o HASH_PREFIX_2 R
picnic_instances.o HASH_PREFIX_3 R
picnic_instances.o HASH_PREFIX_4 R
picnic_instances.o HASH_PREFIX_5 R
picnic_instances.o picnic_instance_get T
randomness.o rand_bytes T

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:optimizedct/c
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:optimizedct/c
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:optimizedct/c
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:optimizedct/c

Namespace violations

Implementation: T:optimizedct/neon
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE

io.o mzd_from_char_array T
io.o mzd_to_char_array T
lowmc.o lowmc_compute_aux_get_implementation T
lowmc.o lowmc_get_implementation T
lowmc_256_256_38.o lowmc_256_256_38 D
mzd_additional.o mzd_addmul_v_s128_128 T
mzd_additional.o mzd_addmul_v_s128_192 T
mzd_additional.o mzd_addmul_v_s128_256 T
mzd_additional.o mzd_addmul_v_s128_30_128 T
mzd_additional.o mzd_addmul_v_s128_30_192 T
mzd_additional.o mzd_addmul_v_s128_30_256 T
mzd_additional.o mzd_addmul_v_uint64_128 T
mzd_additional.o mzd_addmul_v_uint64_192 T
mzd_additional.o mzd_addmul_v_uint64_256 T
mzd_additional.o mzd_addmul_v_uint64_30_128 T
mzd_additional.o mzd_addmul_v_uint64_30_192 T
mzd_additional.o mzd_addmul_v_uint64_30_256 T
mzd_additional.o mzd_copy_s128_128 T
mzd_additional.o mzd_copy_s128_256 T
mzd_additional.o mzd_copy_uint64_128 T
mzd_additional.o mzd_copy_uint64_192 T
mzd_additional.o mzd_copy_uint64_256 T
mzd_additional.o mzd_local_free T
mzd_additional.o mzd_local_free_multiple T
mzd_additional.o mzd_local_init_ex T
mzd_additional.o mzd_local_init_multiple_ex T
mzd_additional.o mzd_mul_v_parity_uint64_128_30 T
mzd_additional.o mzd_mul_v_parity_uint64_192_30 T
mzd_additional.o mzd_mul_v_parity_uint64_256_30 T
mzd_additional.o mzd_mul_v_s128_128 T
mzd_additional.o mzd_mul_v_s128_128_640 T
mzd_additional.o mzd_mul_v_s128_192 T
mzd_additional.o mzd_mul_v_s128_192_1024 T
mzd_additional.o mzd_mul_v_s128_256 T
mzd_additional.o mzd_mul_v_s128_256_1280 T
mzd_additional.o mzd_mul_v_uint64_128 T
mzd_additional.o mzd_mul_v_uint64_128_640 T
mzd_additional.o mzd_mul_v_uint64_192 T
mzd_additional.o mzd_mul_v_uint64_192_960 T
mzd_additional.o mzd_mul_v_uint64_256 T
mzd_additional.o mzd_mul_v_uint64_256_1216 T
mzd_additional.o mzd_shuffle_128_30 T
mzd_additional.o mzd_shuffle_192_30 T
mzd_additional.o mzd_shuffle_256_30 T
mzd_additional.o mzd_xor_s128_1024 T
mzd_additional.o mzd_xor_s128_128 T
mzd_additional.o mzd_xor_s128_1280 T
mzd_additional.o mzd_xor_s128_256 T
mzd_additional.o mzd_xor_s128_640 T
mzd_additional.o mzd_xor_s128_blocks T
mzd_additional.o mzd_xor_uint64_1216 T
mzd_additional.o mzd_xor_uint64_128 T
mzd_additional.o mzd_xor_uint64_192 T
mzd_additional.o mzd_xor_uint64_256 T
mzd_additional.o mzd_xor_uint64_640 T
mzd_additional.o mzd_xor_uint64_960 T
picnic.o picnic_get_lowmc_block_size T
picnic.o picnic_get_param_name T
picnic.o picnic_get_private_key_size T
picnic.o picnic_get_public_key_size T
picnic.o picnic_keygen T
picnic.o picnic_read_private_key T
picnic.o picnic_read_public_key T
picnic.o picnic_sign T
picnic.o picnic_signature_size T
picnic.o picnic_sk_to_pk T
picnic.o picnic_validate_keypair T
picnic.o picnic_verify T
picnic.o picnic_write_private_key T
picnic.o picnic_write_public_key T
picnic2_impl.o impl_sign_picnic2 T
picnic2_impl.o impl_verify_picnic2 T
picnic2_impl.o sbox_layer_10_uint64_aux T
picnic2_impl.o sign_picnic2 T
picnic2_impl.o verify_picnic2 T
picnic2_simulate.o lowmc_simulate_online_get_implementation T
picnic2_simulate_mul.o copyShares T
picnic2_simulate_mul.o getBit T
picnic2_simulate_mul.o mpc_matrix_addmul_r_s128_128 T
picnic2_simulate_mul.o mpc_matrix_addmul_r_s128_192 T
picnic2_simulate_mul.o mpc_matrix_addmul_r_s128_256 T
picnic2_simulate_mul.o mpc_matrix_addmul_r_uint64_128 T
picnic2_simulate_mul.o mpc_matrix_addmul_r_uint64_192 T
picnic2_simulate_mul.o mpc_matrix_addmul_r_uint64_256 T
picnic2_simulate_mul.o mpc_matrix_mul_nl_part_s128_128 T
picnic2_simulate_mul.o mpc_matrix_mul_nl_part_s128_192 T
picnic2_simulate_mul.o mpc_matrix_mul_nl_part_s128_256 T
picnic2_simulate_mul.o mpc_matrix_mul_nl_part_uint64_128 T
picnic2_simulate_mul.o mpc_matrix_mul_nl_part_uint64_192 T
picnic2_simulate_mul.o mpc_matrix_mul_nl_part_uint64_256 T
picnic2_simulate_mul.o mpc_matrix_mul_s128_128 T
picnic2_simulate_mul.o mpc_matrix_mul_s128_192 T
picnic2_simulate_mul.o mpc_matrix_mul_s128_256 T
picnic2_simulate_mul.o mpc_matrix_mul_uint64_128 T
picnic2_simulate_mul.o mpc_matrix_mul_uint64_192 T
picnic2_simulate_mul.o mpc_matrix_mul_uint64_256 T
picnic2_simulate_mul.o mpc_matrix_mul_z_s128_128 T
picnic2_simulate_mul.o mpc_matrix_mul_z_s128_192 T
picnic2_simulate_mul.o mpc_matrix_mul_z_s128_256 T
picnic2_simulate_mul.o mpc_matrix_mul_z_uint64_128 T
picnic2_simulate_mul.o mpc_matrix_mul_z_uint64_192 T
picnic2_simulate_mul.o mpc_matrix_mul_z_uint64_256 T
picnic2_simulate_mul.o reconstructShares T
picnic2_simulate_mul.o setBit T
picnic2_simulate_mul.o tapesToParityOfWord T
picnic2_simulate_mul.o tapesToWord T
picnic2_simulate_mul.o transpose_64_64 T
picnic2_simulate_mul.o xor_word_array T
picnic2_tree.o addMerkleNodes T
picnic2_tree.o buildMerkleTree T
picnic2_tree.o createTree T
picnic2_tree.o freeTree T
picnic2_tree.o generateSeeds T
picnic2_tree.o getLeaf T
picnic2_tree.o getLeaves T
picnic2_tree.o openMerkleTree T
picnic2_tree.o openMerkleTreeSize T
picnic2_tree.o reconstructSeeds T
picnic2_tree.o revealSeeds T
picnic2_tree.o revealSeedsSize T
picnic2_tree.o verifyMerkleTree T
picnic2_types.o allocateCommitments2 T
picnic2_types.o allocateInputs T
picnic2_types.o allocateMsgs T
picnic2_types.o allocateMsgsVerify T
picnic2_types.o allocateProof2 T
picnic2_types.o allocateRandomTape T
picnic2_types.o allocateShares T
picnic2_types.o allocateSignature2 T
picnic2_types.o finalFreeRandomTape T
picnic2_types.o freeCommitments2 T
picnic2_types.o freeInputs T
picnic2_types.o freeMsgs T
picnic2_types.o freeProof2 T
picnic2_types.o freeRandomTape T
picnic2_types.o freeShares T
picnic2_types.o freeSignature2 T
picnic2_types.o partialFreeRandomTape T
picnic_instances.o HASH_PREFIX_0 R
picnic_instances.o HASH_PREFIX_1 R
picnic_instances.o HASH_PREFIX_2 R
picnic_instances.o HASH_PREFIX_3 R
picnic_instances.o HASH_PREFIX_4 R
picnic_instances.o HASH_PREFIX_5 R
picnic_instances.o picnic_instance_get T
randomness.o rand_bytes T

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:optimizedct/neon
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:optimizedct/neon
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:optimizedct/neon
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:optimizedct/neon