Implementation notes: amd64, bolero, crypto_aead/deoxysii256v141

Computer: bolero
Architecture: amd64
CPU ID: GenuineIntel-000406f1-bfebfbff
SUPERCOP version: 20211108
Operation: crypto_aead
Primitive: deoxysii256v141
TimeObject sizeTest sizeImplementationCompilerBenchmark dateSUPERCOP version
1124035486 0 053013 784 928T:aesnigcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
1159639034 0 053316 776 928T:aesnigcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
1163234104 0 047256 760 896T:aesnigcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
1186835010 0 049348 776 928T:aesnigcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
1259249914 0 065825 776 872T:aesniclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
1268049356 0 065233 776 872T:aesniclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
1271649356 0 065233 776 872T:aesniclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
1304045979 0 058423 768 856T:aesniclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
20084162525 0 0180085 784 928T:aesnisgcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
20240156059 0 0170404 776 928T:aesnisgcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
20244161545 0 0174712 760 896T:aesnisgcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
23956175975 0 0192417 776 872T:aesnisclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
23972175975 0 0192417 776 872T:aesnisclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
24016166333 0 0178815 768 856T:aesnisclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
24080178109 0 0194561 776 872T:aesnisclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
25964159933 0 0174228 776 928T:aesnisgcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
111280127705 0 592143521 776 1472T:bitsliceclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
111544127705 0 592143505 776 1472T:bitsliceclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
111564127705 0 592143505 776 1472T:bitsliceclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
116816145480 0 624162925 784 1552T:bitslicegcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
132316124492 0 592136375 768 1456T:bitsliceclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
133760213066 0 624227317 784 1552T:bitslicegcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
136108122722 0 624137029 784 1552T:bitslicegcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
143752116062 0 624129096 760 1520T:bitslicegcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
73277236653 0 59253401 776 1472T:tableclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
74356036653 0 59253385 776 1472T:tableclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
75828036653 0 59253385 776 1472T:tableclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
76260836658 0 59252521 776 1456T:tableclang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
83844837595 0 62455181 784 1552T:tablegcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
84795635569 0 62450053 784 1552T:tablegcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
120680827842 0 045381 784 928T:refgcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
133970826001 0 042745 776 872T:refclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
134238833402 0 59246159 768 1456T:tableclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
138554426988 0 042865 776 856T:refclang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
142598435569 0 62450021 784 1552T:tablegcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
143918426001 0 042745 776 872T:refclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
146653627345 0 044105 776 872T:refclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
150546834127 0 62447344 760 1520T:tablegcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
286863225423 0 039869 784 928T:refgcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
362109623801 0 036567 768 856T:refclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2020081920200816
460995623735 0 036952 760 896T:refgcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816
491831225025 0 039437 784 928T:refgcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2020081920200816

Compiler output

Implementation: T:aesni
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
deoxys.c: deoxys.c:104:11: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: tmp = permute( tmp, H_PERMUTATION );
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:112:3: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: TWEAKEY_SCHEDULE3( tsubkeys1,tsubkeys2,subkeys, key);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:43:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( subkeys1[ 0], subkeys1[ 1], subkeys2[ 0], subkeys2[ 1] ); ts[ 1] = xor( xor(subkeys1[ 1],subkeys2[ 1]), RCONS[ 1] ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:34:16: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key1 = permute( new_key1, H_PERMUTATION);\
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:112:3: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:43:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( subkeys1[ 0], subkeys1[ 1], subkeys2[ 0], subkeys2[ 1] ); ts[ 1] = xor( xor(subkeys1[ 1],subkeys2[ 1]), RCONS[ 1] ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:35:16: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key2 = permute( new_key2, H_PERMUTATION);
deoxys.c: ^
deoxys.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:
CompilerImplementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesni

Compiler output

Implementation: T:aesnis
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
deoxys.c: deoxys.c:84:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: TWEAKEY_SCHEDULE3( subkeys, key, tmp,tmp2,tmp3,tmp4 );
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:40:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( tmp1, tmp2, tmp3, tmp4 ); subkeys[ 1] = xor( xor(tmp2,tmp4), RCONST( 1) ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:33:16: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key1 = permute( new_key1, H_PERMUTATION);\
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:84:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:40:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( tmp1, tmp2, tmp3, tmp4 ); subkeys[ 1] = xor( xor(tmp2,tmp4), RCONST( 1) ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:34:16: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key2 = permute( new_key2, H_PERMUTATION);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:84:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:41:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( tmp2, tmp1, tmp4, tmp3 ); subkeys[ 2] = xor( xor(tmp1,tmp3), RCONST( 2) ); \
deoxys.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:
CompilerImplementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesnis

Compiler output

Implementation: T:bitslice
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
deoxysBCii256.c: deoxysBCii256.c:237:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'DeoxysEncrypt_Auth' that is compiled without support for 'ssse3'
deoxysBCii256.c: packing(a);
deoxysBCii256.c: ^
deoxysBCii256.c: ./deoxysii256.macros:473:14: note: expanded from macro 'packing'
deoxysBCii256.c: (x)[0] = shuffle_pack((x)[0]);\
deoxysBCii256.c: ^
deoxysBCii256.c: ./deoxysii256.macros:32:25: note: expanded from macro 'shuffle_pack'
deoxysBCii256.c: #define shuffle_pack(a) permute(a, SET8(15,11,7,3,14,10,6,2,13,9,5,1,12,8,4,0) )
deoxysBCii256.c: ^
deoxysBCii256.c: ./deoxysii256.macros:31:25: note: expanded from macro 'permute'
deoxysBCii256.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxysBCii256.c: ^
deoxysBCii256.c: deoxysBCii256.c:237:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'DeoxysEncrypt_Auth' that is compiled without support for 'ssse3'
deoxysBCii256.c: ./deoxysii256.macros:474:14: note: expanded from macro 'packing'
deoxysBCii256.c: (x)[1] = shuffle_pack((x)[1]);\
deoxysBCii256.c: ^
deoxysBCii256.c: ./deoxysii256.macros:32:25: note: expanded from macro 'shuffle_pack'
deoxysBCii256.c: #define shuffle_pack(a) permute(a, SET8(15,11,7,3,14,10,6,2,13,9,5,1,12,8,4,0) )
deoxysBCii256.c: ^
deoxysBCii256.c: ./deoxysii256.macros:31:25: note: expanded from macro 'permute'
deoxysBCii256.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxysBCii256.c: ^
deoxysBCii256.c: deoxysBCii256.c:237:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'DeoxysEncrypt_Auth' that is compiled without support for 'ssse3'
deoxysBCii256.c: ./deoxysii256.macros:475:14: note: expanded from macro 'packing'
deoxysBCii256.c: (x)[2] = shuffle_pack((x)[2]);\
deoxysBCii256.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:
CompilerImplementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:bitslice

Namespace violations

Implementation: T:aesni
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
deoxys.o deoxys_aead_decrypt T
deoxys.o deoxys_aead_encrypt T

Number of similar (compiler,implementation) pairs: 16, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesni
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesni
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesni
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesni
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesni
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesni
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesni
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesni
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesnis
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesnis
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesnis
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesnis
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesnis
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesnis
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesnis
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesnis

Namespace violations

Implementation: T:bitslice
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
deoxysBCii256.o DeoxysEncrypt_Auth T
deoxysBCii256.o DeoxysEncrypt_XOR T
deoxysii256.o deoxys_aead_decrypt_8 T
deoxysii256.o deoxys_aead_encrypt_8 T
tweakableBC.o RCON_ROW R
tweakableBC.o aesTweakDecrypt T
tweakableBC.o aesTweakEncrypt T
tweakableBC.o prepare_subkeys T

Number of similar (compiler,implementation) pairs: 8, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:bitslice
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:bitslice
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:bitslice
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:bitslice
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:bitslice
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:bitslice
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:bitslice
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:bitslice

Namespace violations

Implementation: T:ref
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
deoxys.o deoxys_aead_decrypt T
deoxys.o deoxys_aead_encrypt T
tweakableBC.o G T
tweakableBC.o H T
tweakableBC.o aesTweakDecrypt T
tweakableBC.o aesTweakEncrypt T
tweakableBC.o choose_lfsr T
tweakableBC.o deoxysKeySetupDec256 T
tweakableBC.o deoxysKeySetupEnc256 T

Number of similar (compiler,implementation) pairs: 9, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:ref
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:ref
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:ref
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:ref
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:ref
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:ref
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:ref
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:ref
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:ref

Namespace violations

Implementation: T:table
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
deoxys.o deoxys_aead_decrypt T
deoxys.o deoxys_aead_encrypt T
tweakableBC.o RCON_ROW R
tweakableBC.o aesTweakDecrypt T
tweakableBC.o aesTweakEncrypt T
tweakableBC.o prepare_subkeys T

Number of similar (compiler,implementation) pairs: 9, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:table
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:table
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:table
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:table
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:table
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:table
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:table
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:table
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:table