Implementation notes: amd64, alder, crypto_aead/kiasuneq128v1

Computer: alder
Microarchitecture: amd64; Golden Cove (90675-00)
Architecture: amd64
CPU ID: GenuineIntel-00090675-00-bfebfbff
SUPERCOP version: 20231107
Operation: crypto_aead
Primitive: kiasuneq128v1

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
3689	19624 0 0	42320 780 1080	`T:opt`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230608	20230530
3729	14845 0 0	35648 780 1080	`T:opt`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230608	20230530
3815	15378 0 0	35760 780 1080	`T:opt`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230608	20230530
4180	14318 0 0	33027 756 1048	`T:opt`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230608	20230530
56552	53433 352 0	67088 1164 1016	`T:bitslice`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230608	20230530
56561	54036 352 0	70162 1172 1048	`T:bitslice`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230608	20230530
56651	53323 352 0	67344 1164 1016	`T:bitslice`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230608	20230530
56696	54284 352 0	70626 1172 1016	`T:bitslice`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230608	20230530
56723	54036 352 0	70306 1172 1048	`T:bitslice`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230608	20230530
120906	20624 0 0	36840 812 1048	`T:ref`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230608	20230530
121291	23108 0 0	39504 780 1080	`T:ref`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230608	20230530
121444	20396 0 0	36664 812 1016	`T:ref`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230608	20230530
127657	19824 0 0	35896 812 1048	`T:ref`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230608	20230530
128772	18758 0 0	31651 756 1048	`T:ref`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230608	20230530
130617	19538 0 0	33704 780 1080	`T:ref`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230608	20230530
131128	20240 0 0	34688 780 1080	`T:ref`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230608	20230530
133949	19105 0 0	32694 804 1016	`T:ref`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230608	20230530
152730	19558 0 0	33534 804 1016	`T:ref`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230608	20230530

Compiler output

Implementation: T:bitslice
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE

try.c: /usr/bin/ld: libcrypto_aead_kiasuneq128v1.a(aes_tweaked.o): relocation R_X86_64_32S against symbol `M0' can not be used when making a PIE object; recompile with -fPIE
try.c: collect2: error: ld returned 1 exit status

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:bitslice
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:bitslice
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:bitslice
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:bitslice

Compiler output

Implementation: T:opt
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

kiasu.c: kiasu.c:91:50: warning: implicit conversion from 'int' to 'char' changes value from 192 to -64 [-Wconstant-conversion]
kiasu.c: const __m128i MSB_AD_LAST = constant8( (0x6<<5),0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00 );
kiasu.c: ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kiasu.c: ./aes_ni.macros:13:171: note: expanded from macro 'constant8'
kiasu.c: #define constant8(b15,b14,b13,b12,b11,b10,b9,b8,b7,b6,b5,b4,b3,b2,b1,b0) _mm_set_epi8 ((b0),(b1),(b2),(b3),(b4),(b5),(b6),(b7),(b8),(b9),(b10),(b11),(b12),(b13),(b14),(b15))
kiasu.c: ~~~~~~~~~~~~ ^~~
kiasu.c: kiasu.c:94:56: warning: implicit conversion from 'int' to 'char' changes value from 128 to -128 [-Wconstant-conversion]
kiasu.c: const __m128i MSB_M_LAST_NONZERO = constant8( (0x4<<5),0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00 );
kiasu.c: ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kiasu.c: ./aes_ni.macros:13:171: note: expanded from macro 'constant8'
kiasu.c: #define constant8(b15,b14,b13,b12,b11,b10,b9,b8,b7,b6,b5,b4,b3,b2,b1,b0) _mm_set_epi8 ((b0),(b1),(b2),(b3),(b4),(b5),(b6),(b7),(b8),(b9),(b10),(b11),(b12),(b13),(b14),(b15))
kiasu.c: ~~~~~~~~~~~~ ^~~
kiasu.c: kiasu.c:95:49: warning: implicit conversion from 'int' to 'char' changes value from 160 to -96 [-Wconstant-conversion]
kiasu.c: const __m128i MSB_CHKSUM = constant8( (0x5<<5),0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00 );
kiasu.c: ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kiasu.c: ./aes_ni.macros:13:171: note: expanded from macro 'constant8'
kiasu.c: #define constant8(b15,b14,b13,b12,b11,b10,b9,b8,b7,b6,b5,b4,b3,b2,b1,b0) _mm_set_epi8 ((b0),(b1),(b2),(b3),(b4),(b5),(b6),(b7),(b8),(b9),(b10),(b11),(b12),(b13),(b14),(b15))
kiasu.c: ~~~~~~~~~~~~ ^~~
kiasu.c: kiasu.c:331:50: warning: implicit conversion from 'int' to 'char' changes value from 192 to -64 [-Wconstant-conversion]
kiasu.c: const __m128i MSB_AD_LAST = constant8( (0x6<<5),0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00 );
kiasu.c: ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kiasu.c: ./aes_ni.macros:13:171: note: expanded from macro 'constant8'
kiasu.c: #define constant8(b15,b14,b13,b12,b11,b10,b9,b8,b7,b6,b5,b4,b3,b2,b1,b0) _mm_set_epi8 ((b0),(b1),(b2),(b3),(b4),(b5),(b6),(b7),(b8),(b9),(b10),(b11),(b12),(b13),(b14),(b15))
kiasu.c: ~~~~~~~~~~~~ ^~~
kiasu.c: kiasu.c:334:56: warning: implicit conversion from 'int' to 'char' changes value from 128 to -128 [-Wconstant-conversion]
kiasu.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt

Compiler output

Implementation: T:opt
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

kiasu.c: kiasu.c:91:50: warning: implicit conversion from 'int' to 'char' changes value from 192 to -64 [-Wconstant-conversion]
kiasu.c: const __m128i MSB_AD_LAST = constant8( (0x6<<5),0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00 );
kiasu.c: ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kiasu.c: ./aes_ni.macros:13:171: note: expanded from macro 'constant8'
kiasu.c: #define constant8(b15,b14,b13,b12,b11,b10,b9,b8,b7,b6,b5,b4,b3,b2,b1,b0) _mm_set_epi8 ((b0),(b1),(b2),(b3),(b4),(b5),(b6),(b7),(b8),(b9),(b10),(b11),(b12),(b13),(b14),(b15))
kiasu.c: ~~~~~~~~~~~~ ^~~
kiasu.c: kiasu.c:94:56: warning: implicit conversion from 'int' to 'char' changes value from 128 to -128 [-Wconstant-conversion]
kiasu.c: const __m128i MSB_M_LAST_NONZERO = constant8( (0x4<<5),0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00 );
kiasu.c: ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kiasu.c: ./aes_ni.macros:13:171: note: expanded from macro 'constant8'
kiasu.c: #define constant8(b15,b14,b13,b12,b11,b10,b9,b8,b7,b6,b5,b4,b3,b2,b1,b0) _mm_set_epi8 ((b0),(b1),(b2),(b3),(b4),(b5),(b6),(b7),(b8),(b9),(b10),(b11),(b12),(b13),(b14),(b15))
kiasu.c: ~~~~~~~~~~~~ ^~~
kiasu.c: kiasu.c:95:49: warning: implicit conversion from 'int' to 'char' changes value from 160 to -96 [-Wconstant-conversion]
kiasu.c: const __m128i MSB_CHKSUM = constant8( (0x5<<5),0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00 );
kiasu.c: ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kiasu.c: ./aes_ni.macros:13:171: note: expanded from macro 'constant8'
kiasu.c: #define constant8(b15,b14,b13,b12,b11,b10,b9,b8,b7,b6,b5,b4,b3,b2,b1,b0) _mm_set_epi8 ((b0),(b1),(b2),(b3),(b4),(b5),(b6),(b7),(b8),(b9),(b10),(b11),(b12),(b13),(b14),(b15))
kiasu.c: ~~~~~~~~~~~~ ^~~
kiasu.c: kiasu.c:130:4: error: always_inline function '_mm_aesenc_si128' requires target feature 'aes', but would be inlined into function 'kiasu_aead_encrypt' that is compiled without support for 'aes'
kiasu.c: AES( State, subkeys, Tweak );
kiasu.c: ^
kiasu.c: ./aes_ni.macros:21:5: note: expanded from macro 'AES'
kiasu.c: s = enc( s , xor( subkeys[1] , tw ) );\
kiasu.c: ^
kiasu.c: ./aes_ni.macros:1:18: note: expanded from macro 'enc'
kiasu.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:opt