Implementation notes: amd64, comet, crypto_aead/deoxysi128v141

Computer: comet
Architecture: amd64
CPU ID: GenuineIntel-000806ec-bfebfbff
SUPERCOP version: 20211108
Operation: crypto_aead
Primitive: deoxysi128v141
TimeObject sizeTest sizeImplementationCompilerBenchmark dateSUPERCOP version
690325468 0 042215 828 1040T:aesnigcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
725325239 0 039559 828 1040T:aesnigcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
730123361 0 036370 804 1040T:aesnigcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
742027216 0 041447 828 1040T:aesnigcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
760830824 0 047442 812 1040T:aesniclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
761230824 0 047442 812 1040T:aesniclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
762930920 0 047698 812 1040T:aesniclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
793129007 0 042360 804 1008T:aesniclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
10509116220 0 0133394 812 1040T:aesnisclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
10514116220 0 0133394 812 1040T:aesnisclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
10584116064 0 0129480 804 1008T:aesnisclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
10687116387 0 0133714 812 1040T:aesnisclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
10978119595 0 0133959 828 1040T:aesnisgcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
11233115641 0 0129911 828 1040T:aesnisgcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
11323121703 0 0138503 828 1040T:aesnisgcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
11401109608 0 0122618 804 1040T:aesnisgcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
6479698770 0 547115218 812 1584T:bitsliceclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
6486298770 0 547115362 812 1584T:bitsliceclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
6501798770 0 547115218 812 1584T:bitsliceclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
67497111744 0 592128535 828 1648T:bitslicegcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
7907597172 0 547109960 804 1584T:bitsliceclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
7968294404 0 592108759 828 1648T:bitslicegcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
82916148421 0 592162711 828 1648T:bitslicegcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
8544089643 0 592102658 804 1648T:bitslicegcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
12168132876 0 59245938 804 1648T:tablegcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
12286834783 0 59249175 828 1648T:tablegcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
12480735724 0 54752442 812 1584T:tableclang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
12523336002 0 54753570 812 1584T:tableclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
12532735970 0 54753394 812 1584T:tableclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
12564135970 0 54753394 812 1584T:tableclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
12674436586 0 59253383 828 1648T:tablegcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
13022334814 0 54748456 804 1584T:tableclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
13431934426 0 59248735 828 1648T:tablegcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
51577525325 0 042746 812 1040T:refclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
51676225325 0 042746 812 1040T:refclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
59400428265 0 045047 828 1040T:refgcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
63634526893 0 044474 812 1040T:refclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
64398127037 0 043770 812 1008T:refclang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
143992024538 0 038919 828 1040T:refgcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
205489024810 0 038464 804 1008T:refclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011520210114
209470223909 0 038223 828 1040T:refgcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114
215787422536 0 035602 804 1040T:refgcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011520210114

Compiler output

Implementation: T:aesni
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
deoxys.c: deoxys.c:98:13: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: tmp = permute( tmp, H_PERMUTATION );
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:105:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: TWEAKEY_SCHEDULE2( tsubkeys,subkeys, key);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:39:3: note: expanded from macro 'TWEAKEY_SCHEDULE2'
deoxys.c: ONE_KEY_ROUND( subkeys[ 0], subkeys[ 1] ); ts[ 1] = xor( subkeys[ 1], RCONS[ 1] ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:35:13: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key = permute( new_key, H_PERMUTATION);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:105:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:40:3: note: expanded from macro 'TWEAKEY_SCHEDULE2'
deoxys.c: ONE_KEY_ROUND( subkeys[ 1], subkeys[ 2] ); ts[ 2] = xor( subkeys[ 2], RCONS[ 2] ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:35:13: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key = permute( new_key, H_PERMUTATION);
deoxys.c: ^
deoxys.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:
CompilerImplementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesni

Compiler output

Implementation: T:aesnis
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
deoxys.c: deoxys.c:81:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: TWEAKEY_SCHEDULE2(subkeys, key, tmp, tmp1);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:33:3: note: expanded from macro 'TWEAKEY_SCHEDULE2'
deoxys.c: ONE_KEY_ROUND( tmp1, tmp2 ); subkeys[ 1] = xor( tmp2, RCONST( 1) ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:27:13: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key = permute( new_key, H_PERMUTATION);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:81:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:34:3: note: expanded from macro 'TWEAKEY_SCHEDULE2'
deoxys.c: ONE_KEY_ROUND( tmp2, tmp1 ); subkeys[ 2] = xor( tmp1, RCONST( 2) ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:27:13: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key = permute( new_key, H_PERMUTATION);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:81:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:35:3: note: expanded from macro 'TWEAKEY_SCHEDULE2'
deoxys.c: ONE_KEY_ROUND( tmp1, tmp2 ); subkeys[ 3] = xor( tmp2, RCONST( 3) ); \
deoxys.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:
CompilerImplementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesnis

Compiler output

Implementation: T:bitslice
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
deoxys_8.c: deoxys_8.c:178:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt_8' that is compiled without support for 'ssse3'
deoxys_8.c: KEY_SCHEDULE(key, subkey);
deoxys_8.c: ^
deoxys_8.c: ./deoxys.macros:76:5: note: expanded from macro 'KEY_SCHEDULE'
deoxys_8.c: packing(subkey[0]);\
deoxys_8.c: ^
deoxys_8.c: ./deoxys.macros:401:14: note: expanded from macro 'packing'
deoxys_8.c: (x)[0] = shuffle_pack((x)[0]);\
deoxys_8.c: ^
deoxys_8.c: ./deoxys.macros:32:25: note: expanded from macro 'shuffle_pack'
deoxys_8.c: #define shuffle_pack(a) permute(a, SET8(15,11,7,3,14,10,6,2,13,9,5,1,12,8,4,0) )
deoxys_8.c: ^
deoxys_8.c: ./deoxys.macros:31:25: note: expanded from macro 'permute'
deoxys_8.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys_8.c: ^
deoxys_8.c: deoxys_8.c:178:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt_8' that is compiled without support for 'ssse3'
deoxys_8.c: ./deoxys.macros:76:5: note: expanded from macro 'KEY_SCHEDULE'
deoxys_8.c: packing(subkey[0]);\
deoxys_8.c: ^
deoxys_8.c: ./deoxys.macros:402:14: note: expanded from macro 'packing'
deoxys_8.c: (x)[1] = shuffle_pack((x)[1]);\
deoxys_8.c: ^
deoxys_8.c: ./deoxys.macros:32:25: note: expanded from macro 'shuffle_pack'
deoxys_8.c: #define shuffle_pack(a) permute(a, SET8(15,11,7,3,14,10,6,2,13,9,5,1,12,8,4,0) )
deoxys_8.c: ^
deoxys_8.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:
CompilerImplementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:bitslice

Namespace violations

Implementation: T:aesni
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
deoxys.o deoxys_aead_decrypt T
deoxys.o deoxys_aead_encrypt T

Number of similar (compiler,implementation) pairs: 16, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesni
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesni
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesni
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesni
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesni
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesni
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesni
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesni
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesnis
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesnis
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesnis
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesnis
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesnis
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesnis
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesnis
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesnis

Namespace violations

Implementation: T:bitslice
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
deoxys_8.o deoxys_aead_decrypt_8 T
deoxys_8.o deoxys_aead_encrypt_8 T
deoxys_BC.o DeoxysDecrypt_Checksum T
deoxys_BC.o DeoxysEncrypt_Auth T
deoxys_BC.o DeoxysEncrypt_Checksum T
tweakableBC.o RCON_ROW R
tweakableBC.o aesTweakDecrypt T
tweakableBC.o aesTweakEncrypt T
tweakableBC.o prepare_subkeys T

Number of similar (compiler,implementation) pairs: 8, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:bitslice
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:bitslice
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:bitslice
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:bitslice
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:bitslice
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:bitslice
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:bitslice
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:bitslice

Namespace violations

Implementation: T:ref
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
deoxys.o deoxys_aead_decrypt T
deoxys.o deoxys_aead_encrypt T
tweakableBC.o G T
tweakableBC.o H T
tweakableBC.o aesTweakDecrypt T
tweakableBC.o aesTweakEncrypt T
tweakableBC.o choose_lfsr T
tweakableBC.o deoxysKeySetupDec256 T
tweakableBC.o deoxysKeySetupEnc256 T

Number of similar (compiler,implementation) pairs: 9, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:ref
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:ref
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:ref
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:ref
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:ref
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:ref
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:ref
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:ref
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:ref

Namespace violations

Implementation: T:table
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
deoxys.o deoxys_aead_decrypt T
deoxys.o deoxys_aead_encrypt T
tweakableBC.o RCON_ROW R
tweakableBC.o aesTweakDecrypt T
tweakableBC.o aesTweakEncrypt T
tweakableBC.o prepare_subkeys T

Number of similar (compiler,implementation) pairs: 9, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:table
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:table
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:table
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:table
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:table
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:table
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:table
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:table
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:table