Implementation notes: amd64, hydra4, crypto_kem/kyber512
Computer: hydra4
Microarchitecture: amd64; K10 32nm (300f10)
Architecture: amd64
CPU ID: AuthenticAMD-00300f10-178bfbff
SUPERCOP version: 20240625
Operation: crypto_kem
Primitive: kyber512
| Time | Object size | Test size | Implementation | Compiler | Benchmark date | SUPERCOP version |
|---|
| 472079 | 37531 0 0 | 130832 820 1720 | compact | clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240708 | 20240625 |
| 472255 | 37339 0 0 | 130640 820 1720 | compact | clang_-mcpu=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240708 | 20240625 |
| 488472 | 24419 0 0 | 116872 820 1720 | compact | clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240708 | 20240625 |
| 528191 | 31126 0 0 | 50760 820 1720 | ref | clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240708 | 20240625 |
| 532549 | 30998 0 0 | 50632 820 1720 | ref | clang_-mcpu=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240708 | 20240625 |
| 542538 | 21022 0 0 | 39760 820 1720 | ref | clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240708 | 20240625 |
| 569298 | 7879 0 0 | 98486 812 1720 | compact | clang_-march=native_-Os_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240708 | 20240625 |
| 575870 | 12627 0 0 | 29430 812 1720 | ref | clang_-march=native_-Os_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240708 | 20240625 |
| 594003 | 13594 0 0 | 32232 788 1752 | ref | gcc_-march=native_-mtune=native_-O2_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240708 | 20240625 |
| 626431 | 11984 0 0 | 29696 788 1752 | ref | gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240708 | 20240625 |
| 637189 | 39767 0 0 | 59544 788 1752 | ref | gcc_-march=native_-mtune=native_-O3_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240708 | 20240625 |
| 649958 | 11190 0 0 | 27632 780 1720 | ref | gcc_-march=native_-mtune=native_-Os_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240708 | 20240625 |
| 667716 | 13635 0 0 | 31150 812 1720 | ref | clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240708 | 20240625 |
| 668449 | 8000 0 0 | 99686 812 1720 | compact | clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240708 | 20240625 |
Compiler output
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:146:9: error: always_inline function '_mm256_loadu_si256' requires target feature 'avx', but would be inlined into function 'crypto_kem_kyber512_avx2_constbranchindex_KeccakP1600times4_AddLanesAll' that is compiled without support for 'avx'
KeccakP-1600-times4-SIMD256.c: Xor_In4( 0 );
KeccakP-1600-times4-SIMD256.c: ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:135:42: note: expanded from macro 'Xor_In4'
KeccakP-1600-times4-SIMD256.c: #define Xor_In4( argIndex ) lanes0 = LOAD256u( curData0[argIndex]),\
KeccakP-1600-times4-SIMD256.c: ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:44:37: note: expanded from macro 'LOAD256u'
KeccakP-1600-times4-SIMD256.c: #define LOAD256u(a) _mm256_loadu_si256((const V256 *)&(a))
KeccakP-1600-times4-SIMD256.c: ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:146:9: error: AVX vector return of type '__m256i' (vector of 4 'long long' values) without 'avx' enabled changes the ABI
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:135:42: note: expanded from macro 'Xor_In4'
KeccakP-1600-times4-SIMD256.c: #define Xor_In4( argIndex ) lanes0 = LOAD256u( curData0[argIndex]),\
KeccakP-1600-times4-SIMD256.c: ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:44:37: note: expanded from macro 'LOAD256u'
KeccakP-1600-times4-SIMD256.c: #define LOAD256u(a) _mm256_loadu_si256((const V256 *)&(a))
KeccakP-1600-times4-SIMD256.c: ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:146:9: error: always_inline function '_mm256_loadu_si256' requires target feature 'avx', but would be inlined into function 'crypto_kem_kyber512_avx2_constbranchindex_KeccakP1600times4_AddLanesAll' that is compiled without support for 'avx'
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:136:42: note: expanded from macro 'Xor_In4'
KeccakP-1600-times4-SIMD256.c: lanes1 = LOAD256u( curData1[argIndex]),\
KeccakP-1600-times4-SIMD256.c: ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:44:37: note: expanded from macro 'LOAD256u'
KeccakP-1600-times4-SIMD256.c: #define LOAD256u(a) _mm256_loadu_si256((const V256 *)&(a))
KeccakP-1600-times4-SIMD256.c: ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:146:9: error: AVX vector return of type '__m256i' (vector of 4 'long long' values) without 'avx' enabled changes the ABI
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:136:42: note: expanded from macro 'Xor_In4'
KeccakP-1600-times4-SIMD256.c: ...
Number of similar (implementation,compiler) pairs: 5, namely:
| Implementation | Compiler |
| avx2 | clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1) |
| avx2 | clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1) |
| avx2 | clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1) |
| avx2 | clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1) |
| avx2 | clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1) |
Compiler output
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c: In function 'crypto_kem_kyber512_avx2_constbranchindex_KeccakP1600times4_AddLanesAll':
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:135:40: warning: AVX vector return without AVX enabled changes the ABI [-Wpsabi]
KeccakP-1600-times4-SIMD256.c: 135 | #define Xor_In4( argIndex ) lanes0 = LOAD256u( curData0[argIndex]),\
KeccakP-1600-times4-SIMD256.c: | ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:146:9: note: in expansion of macro 'Xor_In4'
KeccakP-1600-times4-SIMD256.c: 146 | Xor_In4( 0 );
KeccakP-1600-times4-SIMD256.c: | ^~~~~~~
KeccakP-1600-times4-SIMD256.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/10/include/immintrin.h:53,
KeccakP-1600-times4-SIMD256.c: from KeccakP-1600-times4-SIMD256.c:21:
KeccakP-1600-times4-SIMD256.c: /usr/lib/gcc/x86_64-linux-gnu/10/include/avx2intrin.h:913:1: error: inlining failed in call to 'always_inline' '_mm256_xor_si256': target specific option mismatch
KeccakP-1600-times4-SIMD256.c: 913 | _mm256_xor_si256 (__m256i __A, __m256i __B)
KeccakP-1600-times4-SIMD256.c: | ^~~~~~~~~~~~~~~~
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:55:41: note: called from here
KeccakP-1600-times4-SIMD256.c: 55 | #define XOReq256(a, b) a = _mm256_xor_si256(a, b)
KeccakP-1600-times4-SIMD256.c: | ^~~~~~~~~~~~~~~~~~~~~~
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:143:33: note: in expansion of macro 'XOReq256'
KeccakP-1600-times4-SIMD256.c: 143 | XOReq256( stateAsLanes[argIndex+3], lanes3 )
KeccakP-1600-times4-SIMD256.c: | ^~~~~~~~
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:149:9: note: in expansion of macro 'Xor_In4'
KeccakP-1600-times4-SIMD256.c: 149 | Xor_In4( 12 );
KeccakP-1600-times4-SIMD256.c: | ^~~~~~~
KeccakP-1600-times4-SIMD256.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/10/include/immintrin.h:53,
KeccakP-1600-times4-SIMD256.c: from KeccakP-1600-times4-SIMD256.c:21:
KeccakP-1600-times4-SIMD256.c: /usr/lib/gcc/x86_64-linux-gnu/10/include/avx2intrin.h:913:1: error: inlining failed in call to 'always_inline' '_mm256_xor_si256': target specific option mismatch
KeccakP-1600-times4-SIMD256.c: 913 | _mm256_xor_si256 (__m256i __A, __m256i __B)
KeccakP-1600-times4-SIMD256.c: ...
Number of similar (implementation,compiler) pairs: 4, namely:
| Implementation | Compiler |
| avx2 | gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110) |
| avx2 | gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110) |
| avx2 | gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110) |
| avx2 | gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110) |
Compiler output
try.c: /usr/bin/ld: .../supercop-data/hydra4/amd64/lib/libkeccak.a(KeccakP-1600-x86-64-gas.o): relocation R_X86_64_32S against `.text' can not be used when making a PIE object; recompile with -fPIE
try.c: collect2: error: ld returned 1 exit status
Number of similar (implementation,compiler) pairs: 4, namely:
| Implementation | Compiler |
| compact | gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110) |
| compact | gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110) |
| compact | gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110) |
| compact | gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110) |
TIMECOP error (can be valgrind bug)
error 111
Process terminating with default action of signal 4 (SIGILL)
Illegal opcode at address 0x403F5F
at 0x...: poly_frommsg (kem.c:191)
by 0x...: indcpa_enc (kem.c:412)
by 0x...: crypto_kem_kyber512_compact_constbranchindex_enc (kem.c:472)
by 0x...: test (try.c:141)
by 0x...: main (try-anything.c:345)
Number of similar (implementation,compiler) pairs: 1, namely:
| Implementation | Compiler |
| compact | clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1) |
TIMECOP error (can be valgrind bug)
error 111
Process terminating with default action of signal 4 (SIGILL)
Illegal opcode at address 0x4045CB
at 0x...: poly_frommsg (kem.c:191)
by 0x...: indcpa_enc (kem.c:412)
by 0x...: crypto_kem_kyber512_compact_constbranchindex_enc (kem.c:472)
by 0x...: test (try.c:141)
by 0x...: main (try-anything.c:345)
Number of similar (implementation,compiler) pairs: 1, namely:
| Implementation | Compiler |
| compact | clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1) |
TIMECOP error (can be valgrind bug)
error 111
Process terminating with default action of signal 4 (SIGILL)
Illegal opcode at address 0x402E5C
at 0x...: polyvec_compress (kem.c:262)
by 0x...: pack_ciphertext (kem.c:338)
by 0x...: indcpa_enc (kem.c:427)
by 0x...: crypto_kem_kyber512_compact_constbranchindex_enc (kem.c:472)
by 0x...: test (try.c:141)
by 0x...: main (try-anything.c:345)
Number of similar (implementation,compiler) pairs: 1, namely:
| Implementation | Compiler |
| compact | clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1) |
TIMECOP error (can be valgrind bug)
error 111
Process terminating with default action of signal 4 (SIGILL)
Illegal opcode at address 0x4055DF
at 0x...: crypto_kem_kyber512_ref_constbranchindex_poly_frommsg (poly.c:176)
by 0x...: crypto_kem_kyber512_ref_constbranchindex_indcpa_enc (indcpa.c:271)
by 0x...: crypto_kem_kyber512_ref_constbranchindex_enc (kem.c:68)
by 0x...: test (try.c:141)
by 0x...: main (try-anything.c:345)
Number of similar (implementation,compiler) pairs: 1, namely:
| Implementation | Compiler |
| ref | clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1) |
TIMECOP error (can be valgrind bug)
error 111
Process terminating with default action of signal 4 (SIGILL)
Illegal opcode at address 0x405B87
at 0x...: crypto_kem_kyber512_ref_constbranchindex_poly_frommsg (poly.c:176)
by 0x...: crypto_kem_kyber512_ref_constbranchindex_indcpa_enc (indcpa.c:271)
by 0x...: crypto_kem_kyber512_ref_constbranchindex_enc (kem.c:68)
by 0x...: test (try.c:141)
by 0x...: main (try-anything.c:345)
Number of similar (implementation,compiler) pairs: 1, namely:
| Implementation | Compiler |
| ref | clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1) |
TIMECOP error (can be valgrind bug)
error 111
Process terminating with default action of signal 4 (SIGILL)
Illegal opcode at address 0x402B3E
at 0x...: load64 (fips202.c:27)
by 0x...: keccak_absorb_once (fips202.c:474)
by 0x...: crypto_kem_kyber512_ref_constbranchindex_sha3_256 (fips202.c:750)
by 0x...: crypto_kem_kyber512_ref_constbranchindex_keypair (kem.c:30)
by 0x...: test (try.c:126)
by 0x...: main (try-anything.c:345)
Number of similar (implementation,compiler) pairs: 1, namely:
| Implementation | Compiler |
| ref | clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1) |
Passed TIMECOP
TIMECOP iterations: 1
Number of similar (implementation,compiler) pairs: 8, namely:
| Implementation | Compiler |
| compact | clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1) |
| compact | clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1) |
| ref | clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1) |
| ref | clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1) |
| ref | gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110) |
| ref | gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110) |
| ref | gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110) |
| ref | gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110) |