Implementation notes: amd64, hydra5, crypto_kem/kyber90s1024
Computer: hydra5
Microarchitecture: amd64; K10 32nm (300f10)
Architecture: amd64
CPU ID: AuthenticAMD-00300f10-178bfbff
SUPERCOP version: 20240625
Operation: crypto_kem
Primitive: kyber90s1024
| Time | Object size | Test size | Implementation | Compiler | Benchmark date | SUPERCOP version |
|---|
| 1955058 | 58721 0 0 | 77336 868 1728 | ref | clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240702 | 20240625 |
| 2028506 | 71610 0 0 | 91112 868 1728 | ref | clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240702 | 20240625 |
| 2033940 | 71594 0 0 | 91080 868 1728 | ref | clang_-mcpu=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240702 | 20240625 |
| 2140306 | 43744 0 0 | 61120 868 1728 | ref | clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall | 20240702 | 20240625 |
Test failure
error 111
crypto_kem_dec does not match k
Number of similar (implementation,compiler) pairs: 1, namely:
| Implementation | Compiler |
| ref | clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0) |
Compiler output
aes256ctr.c: aes256ctr.c:90:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
aes256ctr.c: BLOCK1(0x01);
aes256ctr.c: ^
aes256ctr.c: aes256ctr.c:71:11: note: expanded from macro 'BLOCK1'
aes256ctr.c: temp1 = _mm_aeskeygenassist_si128(temp2, IMM); \
aes256ctr.c: ^
aes256ctr.c: /usr/lib/llvm-14/lib/clang/14.0.0/include/__wmmintrin_aes.h:136:13: note: expanded from macro '_mm_aeskeygenassist_si128'
aes256ctr.c: ((__m128i)__builtin_ia32_aeskeygenassist128((__v2di)(__m128i)(C), (int)(R)))
aes256ctr.c: ^
aes256ctr.c: aes256ctr.c:91:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
aes256ctr.c: BLOCK2(0x01);
aes256ctr.c: ^
aes256ctr.c: aes256ctr.c:81:11: note: expanded from macro 'BLOCK2'
aes256ctr.c: temp1 = _mm_aeskeygenassist_si128(temp0, IMM); \
aes256ctr.c: ^
aes256ctr.c: /usr/lib/llvm-14/lib/clang/14.0.0/include/__wmmintrin_aes.h:136:13: note: expanded from macro '_mm_aeskeygenassist_si128'
aes256ctr.c: ((__m128i)__builtin_ia32_aeskeygenassist128((__v2di)(__m128i)(C), (int)(R)))
aes256ctr.c: ^
aes256ctr.c: aes256ctr.c:93:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
aes256ctr.c: BLOCK1(0x02);
aes256ctr.c: ^
aes256ctr.c: aes256ctr.c:71:11: note: expanded from macro 'BLOCK1'
aes256ctr.c: temp1 = _mm_aeskeygenassist_si128(temp2, IMM); \
aes256ctr.c: ^
aes256ctr.c: /usr/lib/llvm-14/lib/clang/14.0.0/include/__wmmintrin_aes.h:136:13: note: expanded from macro '_mm_aeskeygenassist_si128'
aes256ctr.c: ...
Number of similar (implementation,compiler) pairs: 5, namely:
| Implementation | Compiler |
| avx2 | clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0) |
| avx2 | clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0) |
| avx2 | clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0) |
| avx2 | clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0) |
| avx2 | clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0) |
Compiler output
aes256ctr.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/11/include/immintrin.h:37,
aes256ctr.c: from aes256ctr.c:8:
aes256ctr.c: aes256ctr.c: In function 'aesni_encrypt4':
aes256ctr.c: /usr/lib/gcc/x86_64-linux-gnu/11/include/tmmintrin.h:136:1: error: inlining failed in call to 'always_inline' '_mm_shuffle_epi8': target specific option mismatch
aes256ctr.c: 136 | _mm_shuffle_epi8 (__m128i __X, __m128i __Y)
aes256ctr.c: | ^~~~~~~~~~~~~~~~
aes256ctr.c: aes256ctr.c:23:8: note: called from here
aes256ctr.c: 23 | f3 = _mm_shuffle_epi8(_mm_add_epi64(f,_mm_set_epi64x(3,0)),idx);
aes256ctr.c: | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
aes256ctr.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/11/include/immintrin.h:37,
aes256ctr.c: from aes256ctr.c:8:
aes256ctr.c: /usr/lib/gcc/x86_64-linux-gnu/11/include/tmmintrin.h:136:1: error: inlining failed in call to 'always_inline' '_mm_shuffle_epi8': target specific option mismatch
aes256ctr.c: 136 | _mm_shuffle_epi8 (__m128i __X, __m128i __Y)
aes256ctr.c: | ^~~~~~~~~~~~~~~~
aes256ctr.c: aes256ctr.c:22:8: note: called from here
aes256ctr.c: 22 | f2 = _mm_shuffle_epi8(_mm_add_epi64(f,_mm_set_epi64x(2,0)),idx);
aes256ctr.c: | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
aes256ctr.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/11/include/immintrin.h:37,
aes256ctr.c: from aes256ctr.c:8:
aes256ctr.c: /usr/lib/gcc/x86_64-linux-gnu/11/include/tmmintrin.h:136:1: error: inlining failed in call to 'always_inline' '_mm_shuffle_epi8': target specific option mismatch
aes256ctr.c: 136 | _mm_shuffle_epi8 (__m128i __X, __m128i __Y)
aes256ctr.c: | ^~~~~~~~~~~~~~~~
aes256ctr.c: aes256ctr.c:21:8: note: called from here
aes256ctr.c: 21 | f1 = _mm_shuffle_epi8(_mm_add_epi64(f,_mm_set_epi64x(1,0)),idx);
aes256ctr.c: | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
aes256ctr.c: ...
Number of similar (implementation,compiler) pairs: 4, namely:
| Implementation | Compiler |
| avx2 | gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0) |
| avx2 | gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0) |
| avx2 | gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0) |
| avx2 | gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0) |
Compiler output
aes256ctr.c: aes256ctr.c:557:64: warning: argument 3 of type 'const uint8_t *' {aka 'const unsigned char *'} declared as a pointer [-Warray-parameter=]
aes256ctr.c: 557 | void aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t *key, const uint8_t *nonce)
aes256ctr.c: | ~~~~~~~~~~~~~~~^~~
aes256ctr.c: In file included from aes256ctr.c:27:
aes256ctr.c: aes256ctr.h:21:34: note: previously declared as an array 'const uint8_t[32]' {aka 'const unsigned char[32]'}
aes256ctr.c: 21 | const uint8_t key[32],
aes256ctr.c: | ~~~~~~~~~~~~~~^~~~~~~
aes256ctr.c: aes256ctr.c:557:84: warning: argument 4 of type 'const uint8_t *' {aka 'const unsigned char *'} declared as a pointer [-Warray-parameter=]
aes256ctr.c: 557 | void aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t *key, const uint8_t *nonce)
aes256ctr.c: | ~~~~~~~~~~~~~~~^~~~~
aes256ctr.c: In file included from aes256ctr.c:27:
aes256ctr.c: aes256ctr.h:22:34: note: previously declared as an array 'const uint8_t[12]' {aka 'const unsigned char[12]'}
aes256ctr.c: 22 | const uint8_t nonce[12]);
aes256ctr.c: | ~~~~~~~~~~~~~~^~~~~~~~~
aes256ctr.c: aes256ctr.c:565:54: warning: argument 2 of type 'const uint8_t *' {aka 'const unsigned char *'} declared as a pointer [-Warray-parameter=]
aes256ctr.c: 565 | void aes256ctr_init(aes256ctr_ctx *s, const uint8_t *key, const uint8_t *nonce)
aes256ctr.c: | ~~~~~~~~~~~~~~~^~~
aes256ctr.c: In file included from aes256ctr.c:27:
aes256ctr.c: aes256ctr.h:26:35: note: previously declared as an array 'const uint8_t[32]' {aka 'const unsigned char[32]'}
aes256ctr.c: 26 | const uint8_t key[32],
aes256ctr.c: | ~~~~~~~~~~~~~~^~~~~~~
aes256ctr.c: aes256ctr.c:565:74: warning: argument 3 of type 'const uint8_t *' {aka 'const unsigned char *'} declared as a pointer [-Warray-parameter=]
aes256ctr.c: 565 | void aes256ctr_init(aes256ctr_ctx *s, const uint8_t *key, const uint8_t *nonce)
aes256ctr.c: | ~~~~~~~~~~~~~~~^~~~~
aes256ctr.c: In file included from aes256ctr.c:27:
aes256ctr.c: ...
Number of similar (implementation,compiler) pairs: 2, namely:
| Implementation | Compiler |
| ref | gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0) |
| ref | gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0) |
Compiler output
aes256ctr.c: aes256ctr.c:557:64: warning: argument 3 of type 'const uint8_t *' {aka 'const unsigned char *'} declared as a pointer [-Warray-parameter=]
aes256ctr.c: 557 | void aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t *key, const uint8_t *nonce)
aes256ctr.c: | ~~~~~~~~~~~~~~~^~~
aes256ctr.c: In file included from aes256ctr.c:27:
aes256ctr.c: aes256ctr.h:21:34: note: previously declared as an array 'const uint8_t[32]' {aka 'const unsigned char[32]'}
aes256ctr.c: 21 | const uint8_t key[32],
aes256ctr.c: | ~~~~~~~~~~~~~~^~~~~~~
aes256ctr.c: aes256ctr.c:557:84: warning: argument 4 of type 'const uint8_t *' {aka 'const unsigned char *'} declared as a pointer [-Warray-parameter=]
aes256ctr.c: 557 | void aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t *key, const uint8_t *nonce)
aes256ctr.c: | ~~~~~~~~~~~~~~~^~~~~
aes256ctr.c: In file included from aes256ctr.c:27:
aes256ctr.c: aes256ctr.h:22:34: note: previously declared as an array 'const uint8_t[12]' {aka 'const unsigned char[12]'}
aes256ctr.c: 22 | const uint8_t nonce[12]);
aes256ctr.c: | ~~~~~~~~~~~~~~^~~~~~~~~
aes256ctr.c: aes256ctr.c:565:54: warning: argument 2 of type 'const uint8_t *' {aka 'const unsigned char *'} declared as a pointer [-Warray-parameter=]
aes256ctr.c: 565 | void aes256ctr_init(aes256ctr_ctx *s, const uint8_t *key, const uint8_t *nonce)
aes256ctr.c: | ~~~~~~~~~~~~~~~^~~
aes256ctr.c: In file included from aes256ctr.c:27:
aes256ctr.c: aes256ctr.h:26:35: note: previously declared as an array 'const uint8_t[32]' {aka 'const unsigned char[32]'}
aes256ctr.c: 26 | const uint8_t key[32],
aes256ctr.c: | ~~~~~~~~~~~~~~^~~~~~~
aes256ctr.c: aes256ctr.c:565:74: warning: argument 3 of type 'const uint8_t *' {aka 'const unsigned char *'} declared as a pointer [-Warray-parameter=]
aes256ctr.c: 565 | void aes256ctr_init(aes256ctr_ctx *s, const uint8_t *key, const uint8_t *nonce)
aes256ctr.c: | ~~~~~~~~~~~~~~~^~~~~
aes256ctr.c: In file included from aes256ctr.c:27:
aes256ctr.c: ...
kem.c: kem.c:23:32: warning: argument 1 of type 'uint8_t[1568]' {aka 'unsigned char[1568]'} with mismatched bound [-Warray-parameter=]
kem.c: 23 | int crypto_kem_keypair(uint8_t pk[KYBER_PUBLICKEYBYTES],
kem.c: | ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~
kem.c: In file included from kem.c:4:
kem.c: kem.h:33:33: note: previously declared as 'uint8_t *' {aka 'unsigned char *'}
kem.c: 33 | int crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
kem.c: | ~~~~~~~~~^~
kem.c: kem.c:24:32: warning: argument 2 of type 'uint8_t[3168]' {aka 'unsigned char[3168]'} with mismatched bound [-Warray-parameter=]
kem.c: 24 | uint8_t sk[KYBER_SECRETKEYBYTES])
kem.c: | ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~
kem.c: In file included from kem.c:4:
kem.c: kem.h:33:46: note: previously declared as 'uint8_t *' {aka 'unsigned char *'}
kem.c: 33 | int crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
kem.c: | ~~~~~~~~~^~
kem.c: kem.c:51:28: warning: argument 1 of type 'uint8_t[1568]' {aka 'unsigned char[1568]'} with mismatched bound [-Warray-parameter=]
kem.c: 51 | int crypto_kem_enc(uint8_t ct[KYBER_CIPHERTEXTBYTES],
kem.c: | ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~
kem.c: In file included from kem.c:4:
kem.c: kem.h:36:29: note: previously declared as 'uint8_t *' {aka 'unsigned char *'}
kem.c: 36 | int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
kem.c: | ~~~~~~~~~^~
kem.c: kem.c:52:28: warning: argument 2 of type 'uint8_t[32]' {aka 'unsigned char[32]'} with mismatched bound [-Warray-parameter=]
kem.c: 52 | uint8_t ss[KYBER_SSBYTES],
kem.c: | ~~~~~~~~^~~~~~~~~~~~~~~~~
kem.c: In file included from kem.c:4:
kem.c: ...
Number of similar (implementation,compiler) pairs: 2, namely:
| Implementation | Compiler |
| ref | gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0) |
| ref | gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0) |
TIMECOP error (can be valgrind bug)
Process terminating with default action of signal 4 (SIGILL)
Illegal opcode at address 0x117F9C
at 0x...: cbd2 (cbd.c:72)
by 0x...: crypto_kem_kyber90s1024_ref_constbranchindex_poly_getnoise_eta1 (poly.c:224)
by 0x...: crypto_kem_kyber90s1024_ref_constbranchindex_indcpa_keypair (indcpa.c:223)
by 0x...: crypto_kem_kyber90s1024_ref_constbranchindex_keypair (kem.c:27)
by 0x...: test (try.c:126)
by 0x...: main (try-anything.c:345)
Number of similar (implementation,compiler) pairs: 1, namely:
| Implementation | Compiler |
| ref | clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0) |
TIMECOP error (can be valgrind bug)
Process terminating with default action of signal 4 (SIGILL)
Illegal opcode at address 0x119970
at 0x...: cbd2 (cbd.c:72)
by 0x...: crypto_kem_kyber90s1024_ref_constbranchindex_poly_getnoise_eta1 (poly.c:224)
by 0x...: crypto_kem_kyber90s1024_ref_constbranchindex_indcpa_keypair (indcpa.c:223)
by 0x...: crypto_kem_kyber90s1024_ref_constbranchindex_keypair (kem.c:27)
by 0x...: test (try.c:126)
by 0x...: main (try-anything.c:345)
Number of similar (implementation,compiler) pairs: 1, namely:
| Implementation | Compiler |
| ref | clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0) |
Passed TIMECOP
TIMECOP iterations: 1
Number of similar (implementation,compiler) pairs: 2, namely:
| Implementation | Compiler |
| ref | clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0) |
| ref | clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0) |