Implementation notes: amd64, h3neo, crypto_aead/deoxysii128v141

Computer: h3neo
Microarchitecture: amd64; K10 45nm (100f63)
Architecture: amd64
CPU ID: AuthenticAMD-00100f63-078bfbff
SUPERCOP version: 20240107
Operation: crypto_aead
Primitive: deoxysii128v141
TimeObject sizeTest sizeImplementationCompilerBenchmark dateSUPERCOP version
26614538922 0 62456020 812 1728T:tablegcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121820231212
28729235082 0 59250883 844 1632T:tableclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121820231212
28809135082 0 59249963 844 1632T:tableclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121820231212
29078933337 0 59246589 836 1632T:tableclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121820231212
29156836465 0 62452244 812 1728T:tablegcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121820231212
30131835583 0 59251979 844 1632T:tableclang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121820231212
31013734375 0 62447991 788 1696T:tablegcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121820231212
33020234376 0 59248267 844 1632T:tableclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121820231212
33314835949 0 62450948 812 1728T:tablegcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121820231212
142226326382 0 042187 844 1024T:refclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121820231212
143850626931 0 043363 844 1024T:refclang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121820231212
169700030203 0 047236 812 1088T:refgcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121820231212
221642724974 0 039859 844 1024T:refclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121820231212
379588323873 0 037811 844 1024T:refclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121820231212
440814026137 0 041868 812 1088T:refgcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121820231212
528363925427 0 040372 812 1088T:refgcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121820231212
545702023559 0 036829 836 1024T:refclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2023121820231212
724543724016 0 037607 788 1056T:refgcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2023121820231212

Compiler output

Implementation: T:aesni
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
deoxys.c: deoxys.c:99:11: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: tmp = permute( tmp, H_PERMUTATION );
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:107:3: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: TWEAKEY_SCHEDULE2( tsubkeys,subkeys, key);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:31:3: note: expanded from macro 'TWEAKEY_SCHEDULE2'
deoxys.c: ONE_KEY_ROUND( subkeys[ 0], subkeys[ 1] ); ts[ 1] = xor( subkeys[ 1], RCONS[ 1] ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:27:13: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key = permute( new_key, H_PERMUTATION);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:107:3: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:32:3: note: expanded from macro 'TWEAKEY_SCHEDULE2'
deoxys.c: ONE_KEY_ROUND( subkeys[ 1], subkeys[ 2] ); ts[ 2] = xor( subkeys[ 2], RCONS[ 2] ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:27:13: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key = permute( new_key, H_PERMUTATION);
deoxys.c: ^
deoxys.c: ...

Number of similar (compiler,implementation) pairs: 5, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesni
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesni
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesni
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesni
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesni

Compiler output

Implementation: T:aesni
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE
deoxys.c: In file included from deoxys.c:31:
deoxys.c: deoxys.c: In function 'deoxys_aead_encrypt':
deoxys.c: /usr/lib/gcc/x86_64-linux-gnu/11/include/tmmintrin.h:136:1: error: inlining failed in call to 'always_inline' '_mm_shuffle_epi8': target specific option mismatch
deoxys.c: 136 | _mm_shuffle_epi8 (__m128i __X, __m128i __Y)
deoxys.c: | ^~~~~~~~~~~~~~~~
deoxys.c: In file included from deoxys.c:32:
deoxys.c: tweakable-cipher.macros:7:22: note: called from here
deoxys.c: 7 | #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: | ^~~~~~~~~~~~~~~~~~~~~
deoxys.c: deoxys.c:99:11: note: in expansion of macro 'permute'
deoxys.c: 99 | tmp = permute( tmp, H_PERMUTATION );
deoxys.c: | ^~~~~~~
deoxys.c: In file included from deoxys.c:31:
deoxys.c: /usr/lib/gcc/x86_64-linux-gnu/11/include/tmmintrin.h:136:1: error: inlining failed in call to 'always_inline' '_mm_shuffle_epi8': target specific option mismatch
deoxys.c: 136 | _mm_shuffle_epi8 (__m128i __X, __m128i __Y)
deoxys.c: | ^~~~~~~~~~~~~~~~
deoxys.c: In file included from deoxys.c:32:
deoxys.c: tweakable-cipher.macros:7:22: note: called from here
deoxys.c: 7 | #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: | ^~~~~~~~~~~~~~~~~~~~~
deoxys.c: deoxys.c:99:11: note: in expansion of macro 'permute'
deoxys.c: 99 | tmp = permute( tmp, H_PERMUTATION );
deoxys.c: | ^~~~~~~
deoxys.c: In file included from deoxys.c:31:
deoxys.c: /usr/lib/gcc/x86_64-linux-gnu/11/include/tmmintrin.h:136:1: error: inlining failed in call to 'always_inline' '_mm_shuffle_epi8': target specific option mismatch
deoxys.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:
CompilerImplementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesni
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesni
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesni
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesni

Compiler output

Implementation: T:aesnis
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
deoxys.c: deoxys.c:79:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: TWEAKEY_SCHEDULE2( subkeys, key, tmp, tmp1 );
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:32:3: note: expanded from macro 'TWEAKEY_SCHEDULE2'
deoxys.c: ONE_KEY_ROUND( tmp1, tmp2 ); subkeys[ 1] = xor( tmp2, RCONST( 1) ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:26:13: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key = permute( new_key, H_PERMUTATION);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:79:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:33:3: note: expanded from macro 'TWEAKEY_SCHEDULE2'
deoxys.c: ONE_KEY_ROUND( tmp2, tmp1 ); subkeys[ 2] = xor( tmp1, RCONST( 2) ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:26:13: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key = permute( new_key, H_PERMUTATION);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:79:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:34:3: note: expanded from macro 'TWEAKEY_SCHEDULE2'
deoxys.c: ONE_KEY_ROUND( tmp1, tmp2 ); subkeys[ 3] = xor( tmp2, RCONST( 3) ); \
deoxys.c: ...

Number of similar (compiler,implementation) pairs: 5, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesnis
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesnis
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesnis
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesnis
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:aesnis

Compiler output

Implementation: T:aesnis
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE
deoxys.c: In file included from deoxys.c:29:
deoxys.c: deoxys.c: In function 'deoxys_aead_encrypt':
deoxys.c: /usr/lib/gcc/x86_64-linux-gnu/11/include/tmmintrin.h:136:1: error: inlining failed in call to 'always_inline' '_mm_shuffle_epi8': target specific option mismatch
deoxys.c: 136 | _mm_shuffle_epi8 (__m128i __X, __m128i __Y)
deoxys.c: | ^~~~~~~~~~~~~~~~
deoxys.c: In file included from deoxys.c:30:
deoxys.c: tweakable-cipher.macros:7:22: note: called from here
deoxys.c: 7 | #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: | ^~~~~~~~~~~~~~~~~~~~~
deoxys.c: tweakable-cipher.macros:26:13: note: in expansion of macro 'permute'
deoxys.c: 26 | new_key = permute( new_key, H_PERMUTATION);
deoxys.c: | ^~~~~~~
deoxys.c: tweakable-cipher.macros:45:3: note: in expansion of macro 'ONE_KEY_ROUND'
deoxys.c: 45 | ONE_KEY_ROUND( tmp2, tmp1 ); subkeys[14] = xor( tmp1, RCONST(14) );
deoxys.c: | ^~~~~~~~~~~~~
deoxys.c: deoxys.c:79:5: note: in expansion of macro 'TWEAKEY_SCHEDULE2'
deoxys.c: 79 | TWEAKEY_SCHEDULE2( subkeys, key, tmp, tmp1 );
deoxys.c: | ^~~~~~~~~~~~~~~~~
deoxys.c: In file included from deoxys.c:29:
deoxys.c: /usr/lib/gcc/x86_64-linux-gnu/11/include/tmmintrin.h:136:1: error: inlining failed in call to 'always_inline' '_mm_shuffle_epi8': target specific option mismatch
deoxys.c: 136 | _mm_shuffle_epi8 (__m128i __X, __m128i __Y)
deoxys.c: | ^~~~~~~~~~~~~~~~
deoxys.c: In file included from deoxys.c:30:
deoxys.c: tweakable-cipher.macros:7:22: note: called from here
deoxys.c: 7 | #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:
CompilerImplementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesnis
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesnis
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesnis
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:aesnis

Compiler output

Implementation: T:bitslice
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
deoxysBCii128.c: deoxysBCii128.c:237:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'DeoxysEncrypt_Auth' that is compiled without support for 'ssse3'
deoxysBCii128.c: packing(a);
deoxysBCii128.c: ^
deoxysBCii128.c: ./deoxysii128.macros:417:14: note: expanded from macro 'packing'
deoxysBCii128.c: (x)[0] = shuffle_pack((x)[0]);\
deoxysBCii128.c: ^
deoxysBCii128.c: ./deoxysii128.macros:32:25: note: expanded from macro 'shuffle_pack'
deoxysBCii128.c: #define shuffle_pack(a) permute(a, SET8(15,11,7,3,14,10,6,2,13,9,5,1,12,8,4,0) )
deoxysBCii128.c: ^
deoxysBCii128.c: ./deoxysii128.macros:31:25: note: expanded from macro 'permute'
deoxysBCii128.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxysBCii128.c: ^
deoxysBCii128.c: deoxysBCii128.c:237:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'DeoxysEncrypt_Auth' that is compiled without support for 'ssse3'
deoxysBCii128.c: ./deoxysii128.macros:418:14: note: expanded from macro 'packing'
deoxysBCii128.c: (x)[1] = shuffle_pack((x)[1]);\
deoxysBCii128.c: ^
deoxysBCii128.c: ./deoxysii128.macros:32:25: note: expanded from macro 'shuffle_pack'
deoxysBCii128.c: #define shuffle_pack(a) permute(a, SET8(15,11,7,3,14,10,6,2,13,9,5,1,12,8,4,0) )
deoxysBCii128.c: ^
deoxysBCii128.c: ./deoxysii128.macros:31:25: note: expanded from macro 'permute'
deoxysBCii128.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxysBCii128.c: ^
deoxysBCii128.c: deoxysBCii128.c:237:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'DeoxysEncrypt_Auth' that is compiled without support for 'ssse3'
deoxysBCii128.c: ./deoxysii128.macros:419:14: note: expanded from macro 'packing'
deoxysBCii128.c: (x)[2] = shuffle_pack((x)[2]);\
deoxysBCii128.c: ...

Number of similar (compiler,implementation) pairs: 5, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:bitslice
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:bitslice
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:bitslice
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:bitslice
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:bitslice

Compiler output

Implementation: T:bitslice
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE
deoxysBCii128.c: In file included from deoxysBCii128.c:29:
deoxysBCii128.c: deoxysBCii128.c: In function 'DeoxysEncrypt_Auth':
deoxysBCii128.c: /usr/lib/gcc/x86_64-linux-gnu/11/include/tmmintrin.h:136:1: error: inlining failed in call to 'always_inline' '_mm_shuffle_epi8': target specific option mismatch
deoxysBCii128.c: 136 | _mm_shuffle_epi8 (__m128i __X, __m128i __Y)
deoxysBCii128.c: | ^~~~~~~~~~~~~~~~
deoxysBCii128.c: In file included from deoxysBCii128.c:30:
deoxysBCii128.c: deoxysii128.macros:31:25: note: called from here
deoxysBCii128.c: 31 | #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxysBCii128.c: | ^~~~~~~~~~~~~~~~~~~~~
deoxysBCii128.c: deoxysii128.macros:32:25: note: in expansion of macro 'permute'
deoxysBCii128.c: 32 | #define shuffle_pack(a) permute(a, SET8(15,11,7,3,14,10,6,2,13,9,5,1,12,8,4,0) )
deoxysBCii128.c: | ^~~~~~~
deoxysBCii128.c: deoxysii128.macros:424:14: note: in expansion of macro 'shuffle_pack'
deoxysBCii128.c: 424 | (x)[7] = shuffle_pack((x)[7]);\
deoxysBCii128.c: | ^~~~~~~~~~~~
deoxysBCii128.c: deoxysBCii128.c:237:5: note: in expansion of macro 'packing'
deoxysBCii128.c: 237 | packing(a);
deoxysBCii128.c: | ^~~~~~~
deoxysBCii128.c: In file included from deoxysBCii128.c:29:
deoxysBCii128.c: /usr/lib/gcc/x86_64-linux-gnu/11/include/tmmintrin.h:136:1: error: inlining failed in call to 'always_inline' '_mm_shuffle_epi8': target specific option mismatch
deoxysBCii128.c: 136 | _mm_shuffle_epi8 (__m128i __X, __m128i __Y)
deoxysBCii128.c: | ^~~~~~~~~~~~~~~~
deoxysBCii128.c: In file included from deoxysBCii128.c:30:
deoxysBCii128.c: deoxysii128.macros:31:25: note: called from here
deoxysBCii128.c: 31 | #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxysBCii128.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:
CompilerImplementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:bitslice
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:bitslice
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:bitslice
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:bitslice