Implementation notes: amd64, bolero, crypto_aead/deoxysii256v141

Computer: bolero
Microarchitecture: amd64; Broadwell+AES (406f1)
Architecture: amd64
CPU ID: GenuineIntel-000406f1-1fc9cbf5
SUPERCOP version: 20240107
Operation: crypto_aead
Primitive: deoxysii256v141

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
11608	47367 0 0	64181 784 928	`T:aesni`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
11764	37451 0 0	50608 760 896	`T:aesni`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
11804	44601 0 0	60956 816 872	`T:aesni`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
11828	44633 0 0	61300 816 872	`T:aesni`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
11912	43988 0 0	58404 776 928	`T:aesni`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
12044	44805 0 0	59605 784 928	`T:aesni`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
12384	44762 0 0	57748 816 856	`T:aesni`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
12480	44587 0 0	58334 808 920	`T:aesni`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
16268	189515 0 0	206516 816 872	`T:aesnis`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
16440	178483 0 0	191372 816 856	`T:aesnis`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
16444	177676 0 0	191254 808 920	`T:aesnis`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
18364	189483 0 0	206172 816 872	`T:aesnis`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
20000	167441 0 0	184253 784 928	`T:aesnis`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
20024	159895 0 0	174685 784 928	`T:aesnis`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
20448	160240 0 0	173384 760 896	`T:aesnis`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
37276	159421 0 0	173820 776 928	`T:aesnis`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
109980	121329 0 592	137876 816 1472	`T:bitslice`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
110124	121329 0 592	137564 816 1472	`T:bitslice`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
117700	148110 0 624	164877 784 1552	`T:bitslice`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
129420	126727 0 624	141429 784 1552	`T:bitslice`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
136564	213378 0 624	227805 784 1552	`T:bitslice`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
144564	120093 0 592	133326 808 1520	`T:bitslice`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
145432	121146 0 624	134224 760 1520	`T:bitslice`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
148100	124644 0 592	137156 816 1456	`T:bitslice`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
678352	33511 0 592	47630 808 1520	`T:table`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
694396	35906 0 592	53452 816 1472	`T:table`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
716276	35631 0 592	51628 816 1456	`T:table`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
769584	35906 0 592	53140 816 1472	`T:table`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
845308	36354 0 624	51157 784 1552	`T:table`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
879272	38593 0 624	55421 784 1552	`T:table`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
964180	25585 0 0	42828 816 872	`T:ref`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
1029104	34615 0 592	48100 816 1456	`T:table`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
1085020	28529 0 0	45333 784 928	`T:ref`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
1336544	26963 0 0	42980 816 856	`T:ref`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
1386412	27249 0 0	44820 816 872	`T:ref`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
1405936	34453 0 624	47624 760 1520	`T:table`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
1657088	35970 0 624	50517 784 1552	`T:table`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
2334756	23714 0 0	37822 808 920	`T:ref`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
2673464	24235 0 0	37740 816 856	`T:ref`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20231213	20231212
2879284	26058 0 0	40829 784 928	`T:ref`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
4800036	25466 0 0	39973 784 928	`T:ref`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212
5213000	24028 0 0	37192 760 896	`T:ref`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20231213	20231212

Compiler output

Implementation: T:aesni
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

deoxys.c: deoxys.c:104:11: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: tmp = permute( tmp, H_PERMUTATION );
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:112:3: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: TWEAKEY_SCHEDULE3( tsubkeys1,tsubkeys2,subkeys, key);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:43:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( subkeys1[ 0], subkeys1[ 1], subkeys2[ 0], subkeys2[ 1] ); ts[ 1] = xor( xor(subkeys1[ 1],subkeys2[ 1]), RCONS[ 1] ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:34:16: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key1 = permute( new_key1, H_PERMUTATION);\
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:112:3: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:43:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( subkeys1[ 0], subkeys1[ 1], subkeys2[ 0], subkeys2[ 1] ); ts[ 1] = xor( xor(subkeys1[ 1],subkeys2[ 1]), RCONS[ 1] ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:35:16: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key2 = permute( new_key2, H_PERMUTATION);
deoxys.c: ^
deoxys.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:aesni

Compiler output

Implementation: T:aesnis
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

deoxys.c: deoxys.c:84:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: TWEAKEY_SCHEDULE3( subkeys, key, tmp,tmp2,tmp3,tmp4 );
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:40:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( tmp1, tmp2, tmp3, tmp4 ); subkeys[ 1] = xor( xor(tmp2,tmp4), RCONST( 1) ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:33:16: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key1 = permute( new_key1, H_PERMUTATION);\
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:84:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:40:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( tmp1, tmp2, tmp3, tmp4 ); subkeys[ 1] = xor( xor(tmp2,tmp4), RCONST( 1) ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:34:16: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key2 = permute( new_key2, H_PERMUTATION);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:84:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:41:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( tmp2, tmp1, tmp4, tmp3 ); subkeys[ 2] = xor( xor(tmp1,tmp3), RCONST( 2) ); \
deoxys.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:aesnis

Compiler output

Implementation: T:bitslice
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

deoxysBCii256.c: deoxysBCii256.c:237:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'DeoxysEncrypt_Auth' that is compiled without support for 'ssse3'
deoxysBCii256.c: packing(a);
deoxysBCii256.c: ^
deoxysBCii256.c: ./deoxysii256.macros:473:14: note: expanded from macro 'packing'
deoxysBCii256.c: (x)[0] = shuffle_pack((x)[0]);\
deoxysBCii256.c: ^
deoxysBCii256.c: ./deoxysii256.macros:32:25: note: expanded from macro 'shuffle_pack'
deoxysBCii256.c: #define shuffle_pack(a) permute(a, SET8(15,11,7,3,14,10,6,2,13,9,5,1,12,8,4,0) )
deoxysBCii256.c: ^
deoxysBCii256.c: ./deoxysii256.macros:31:25: note: expanded from macro 'permute'
deoxysBCii256.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxysBCii256.c: ^
deoxysBCii256.c: deoxysBCii256.c:237:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'DeoxysEncrypt_Auth' that is compiled without support for 'ssse3'
deoxysBCii256.c: ./deoxysii256.macros:474:14: note: expanded from macro 'packing'
deoxysBCii256.c: (x)[1] = shuffle_pack((x)[1]);\
deoxysBCii256.c: ^
deoxysBCii256.c: ./deoxysii256.macros:32:25: note: expanded from macro 'shuffle_pack'
deoxysBCii256.c: #define shuffle_pack(a) permute(a, SET8(15,11,7,3,14,10,6,2,13,9,5,1,12,8,4,0) )
deoxysBCii256.c: ^
deoxysBCii256.c: ./deoxysii256.macros:31:25: note: expanded from macro 'permute'
deoxysBCii256.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxysBCii256.c: ^
deoxysBCii256.c: deoxysBCii256.c:237:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'DeoxysEncrypt_Auth' that is compiled without support for 'ssse3'
deoxysBCii256.c: ./deoxysii256.macros:475:14: note: expanded from macro 'packing'
deoxysBCii256.c: (x)[2] = shuffle_pack((x)[2]);\
deoxysBCii256.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:bitslice