Implementation notes: amd64, nucnuc, crypto_kem/bikel3

Computer: nucnuc
Microarchitecture: amd64; Airmont (406c3)
Architecture: amd64
CPU ID: GenuineIntel-000406c3-bfebfbff
SUPERCOP version: 20240107
Operation: crypto_kem
Primitive: bikel3

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
41689919	33855 56 4	53748 884 1724	`T:aes-ni-and-pclmul`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240124	20231217
55655962	22315 56 4	40508 884 1724	`T:aes-ni-and-pclmul`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240124	20231217
57573839	78540 56 4	98248 852 1756	`T:aes-ni-and-pclmul`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240124	20231217
58201682	15378 56 4	31938 876 1724	`T:aes-ni-and-pclmul`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240124	20231217
66457549	16627 56 4	34354 876 1724	`T:aes-ni-and-pclmul`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240124	20231217
69950754	45273 56 4	63808 852 1756	`T:aes-ni-and-pclmul`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240124	20231217
75637456	29382 56 4	45928 844 1724	`T:aes-ni-and-pclmul`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240124	20231217
78136724	43618 56 4	61520 852 1756	`T:aes-ni-and-pclmul`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240124	20231217
96922679	30237 48 4	50754 932 1724	`T:portable`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240124	20231217
96993469	33433 56 4	53276 884 1724	`T:aes-ni-only`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240124	20231217
98032376	32906 48 4	52994 932 1724	`T:portable`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240124	20231217
107096247	100167 48 4	120427 916 1756	`T:portable`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240124	20231217
107129024	104176 56 4	123856 852 1756	`T:aes-ni-only`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240124	20231217
110796247	19446 48 4	38306 932 1724	`T:portable`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240124	20231217
110902762	21893 56 4	40100 884 1724	`T:aes-ni-only`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240124	20231217
146058658	12129 48 4	29352 924 1724	`T:portable`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240124	20231217
146089132	14354 56 4	30938 876 1724	`T:aes-ni-only`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240124	20231217
156936691	14105 48 4	32480 924 1724	`T:portable`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240124	20231217
157179748	16221 56 4	33954 876 1724	`T:aes-ni-only`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20240124	20231217
160005632	41637 48 4	60763 916 1756	`T:portable`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240124	20231217
160121875	44389 56 4	62904 852 1756	`T:aes-ni-only`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240124	20231217
167128058	29064 56 4	45504 844 1724	`T:aes-ni-only`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240124	20231217
167295539	26856 48 4	43931 908 1724	`T:portable`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240124	20231217
169119575	40296 48 4	58875 916 1756	`T:portable`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240124	20231217
169187872	42519 56 4	60424 852 1756	`T:aes-ni-only`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20240124	20231217

Compiler output

Implementation: T:aes-ni-and-pclmul
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

aes.c: aes.c:9:4: error: "This code requries support for AES_NI and SSSE3"
aes.c: # error "This code requries support for AES_NI and SSSE3"
aes.c: ^
aes.c: 1 error generated.

Number of similar (compiler,implementation) pairs: 6, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:aes-ni-and-pclmul T:aes-ni-only T:avx2 T:avx512 T:avx512-vpclmul T:ches2021

Compiler output

Implementation: T:avx2
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

decode.c: In file included from decode.c:39:
decode.c: ./gf2x.h:22:10: error: always_inline function '_mm256_loadu_si256' requires target feature 'avx', but would be inlined into function 'gf2x_mod_add' that is compiled without support for 'avx'
decode.c: va = LOAD(&a_qwords[i]);
decode.c: ^
decode.c: ./x86_64_intrinsic.h:30:27: note: expanded from macro 'LOAD'
decode.c: # define LOAD(mem) _mm256_loadu_si256((const void *)(mem))
decode.c: ^
decode.c: In file included from decode.c:39:
decode.c: ./gf2x.h:22:10: error: AVX vector return of type '__m256i' (vector of 4 'long long' values) without 'avx' enabled changes the ABI
decode.c: ./x86_64_intrinsic.h:30:27: note: expanded from macro 'LOAD'
decode.c: # define LOAD(mem) _mm256_loadu_si256((const void *)(mem))
decode.c: ^
decode.c: In file included from decode.c:39:
decode.c: ./gf2x.h:23:10: error: always_inline function '_mm256_loadu_si256' requires target feature 'avx', but would be inlined into function 'gf2x_mod_add' that is compiled without support for 'avx'
decode.c: vb = LOAD(&b_qwords[i]);
decode.c: ^
decode.c: ./x86_64_intrinsic.h:30:27: note: expanded from macro 'LOAD'
decode.c: # define LOAD(mem) _mm256_loadu_si256((const void *)(mem))
decode.c: ^
decode.c: In file included from decode.c:39:
decode.c: ./gf2x.h:23:10: error: AVX vector return of type '__m256i' (vector of 4 'long long' values) without 'avx' enabled changes the ABI
decode.c: ./x86_64_intrinsic.h:30:27: note: expanded from macro 'LOAD'
decode.c: # define LOAD(mem) _mm256_loadu_si256((const void *)(mem))
decode.c: ^
decode.c: In file included from decode.c:39:
decode.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx2
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx2
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx2
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx2

Compiler output

Implementation: T:avx2
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE

decode.c: In file included from decode.c:39:
decode.c: gf2x.h: In function 'gf2x_mod_add':
decode.c: gf2x.h:22:8: warning: AVX vector return without AVX enabled changes the ABI [-Wpsabi]
decode.c: 22 | va = LOAD(&a_qwords[i]);
decode.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/10/include/immintrin.h:51,
decode.c: from x86_64_intrinsic.h:20,
decode.c: from defs.h:103,
decode.c: from bike_defs.h:10,
decode.c: from types.h:13,
decode.c: from decode.h:10,
decode.c: from decode.c:37:
decode.c: /usr/lib/gcc/x86_64-linux-gnu/10/include/avxintrin.h:926:1: error: inlining failed in call to 'always_inline' '_mm256_storeu_si256': target specific option mismatch
decode.c: 926 | _mm256_storeu_si256 (__m256i_u *__P, __m256i __A)
decode.c: | ^~~~~~~~~~~~~~~~~~~
decode.c: In file included from defs.h:103,
decode.c: from bike_defs.h:10,
decode.c: from types.h:13,
decode.c: from decode.h:10,
decode.c: from decode.c:37:
decode.c: x86_64_intrinsic.h:31:27: note: called from here
decode.c: 31 | # define STORE(mem, reg) _mm256_storeu_si256((void *)(mem), (reg))
decode.c: | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
decode.c: gf2x.h:25:5: note: in expansion of macro 'STORE'
decode.c: 25 | STORE(&c_qwords[i], va ^ vb);
decode.c: | ^~~~~
decode.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx2
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx2
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx2
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx2

Compiler output

Implementation: T:avx512
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

decode.c: In file included from decode.c:39:
decode.c: ./gf2x.h:22:10: error: always_inline function '_mm512_loadu_si512' requires target feature 'avx512f', but would be inlined into function 'gf2x_mod_add' that is compiled without support for 'avx512f'
decode.c: va = LOAD(&a_qwords[i]);
decode.c: ^
decode.c: ./x86_64_intrinsic.h:40:27: note: expanded from macro 'LOAD'
decode.c: # define LOAD(mem) _mm512_loadu_si512((mem))
decode.c: ^
decode.c: In file included from decode.c:39:
decode.c: ./gf2x.h:22:10: error: AVX vector return of type '__m512i' (vector of 8 'long long' values) without 'avx512f' enabled changes the ABI
decode.c: ./x86_64_intrinsic.h:40:27: note: expanded from macro 'LOAD'
decode.c: # define LOAD(mem) _mm512_loadu_si512((mem))
decode.c: ^
decode.c: In file included from decode.c:39:
decode.c: ./gf2x.h:23:10: error: always_inline function '_mm512_loadu_si512' requires target feature 'avx512f', but would be inlined into function 'gf2x_mod_add' that is compiled without support for 'avx512f'
decode.c: vb = LOAD(&b_qwords[i]);
decode.c: ^
decode.c: ./x86_64_intrinsic.h:40:27: note: expanded from macro 'LOAD'
decode.c: # define LOAD(mem) _mm512_loadu_si512((mem))
decode.c: ^
decode.c: In file included from decode.c:39:
decode.c: ./gf2x.h:23:10: error: AVX vector return of type '__m512i' (vector of 8 'long long' values) without 'avx512f' enabled changes the ABI
decode.c: ./x86_64_intrinsic.h:40:27: note: expanded from macro 'LOAD'
decode.c: # define LOAD(mem) _mm512_loadu_si512((mem))
decode.c: ^
decode.c: In file included from decode.c:39:
decode.c: ...

Number of similar (compiler,implementation) pairs: 8, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx512
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx512
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx512
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx512
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx512-vpclmul
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx512-vpclmul
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx512-vpclmul
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:avx512-vpclmul

Compiler output

Implementation: T:avx512
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE

decode.c: In file included from decode.c:39:
decode.c: gf2x.h: In function 'gf2x_mod_add':
decode.c: gf2x.h:22:8: warning: AVX512F vector return without AVX512F enabled changes the ABI [-Wpsabi]
decode.c: 22 | va = LOAD(&a_qwords[i]);
decode.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/10/include/immintrin.h:55,
decode.c: from x86_64_intrinsic.h:20,
decode.c: from defs.h:103,
decode.c: from bike_defs.h:10,
decode.c: from types.h:13,
decode.c: from decode.h:10,
decode.c: from decode.c:37:
decode.c: /usr/lib/gcc/x86_64-linux-gnu/10/include/avx512fintrin.h:6429:1: error: inlining failed in call to 'always_inline' '_mm512_storeu_si512': target specific option mismatch
decode.c: 6429 | _mm512_storeu_si512 (void *__P, __m512i __A)
decode.c: | ^~~~~~~~~~~~~~~~~~~
decode.c: In file included from defs.h:103,
decode.c: from bike_defs.h:10,
decode.c: from types.h:13,
decode.c: from decode.h:10,
decode.c: from decode.c:37:
decode.c: x86_64_intrinsic.h:41:27: note: called from here
decode.c: 41 | # define STORE(mem, reg) _mm512_storeu_si512((mem), (reg))
decode.c: | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
decode.c: gf2x.h:25:5: note: in expansion of macro 'STORE'
decode.c: 25 | STORE(&c_qwords[i], va ^ vb);
decode.c: | ^~~~~
decode.c: ...

Number of similar (compiler,implementation) pairs: 8, namely:

Compiler	Implementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx512
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx512
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx512
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx512
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx512-vpclmul
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx512-vpclmul
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx512-vpclmul
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:avx512-vpclmul

Compiler output

Implementation: T:ches2021
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

decode.c: decode.c:303:20: error: '__builtin_ia32_vec_ext_v4di' needs target feature avx
decode.c: printf("%.16llX", _mm256_extract_epi64(v, 0));
decode.c: ^
decode.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/avxintrin.h:2024:14: note: expanded from macro '_mm256_extract_epi64'
decode.c: (long long)__builtin_ia32_vec_ext_v4di((__v4di)(__m256i)(X), (int)(N))
decode.c: ^
decode.c: decode.c:304:21: error: '__builtin_ia32_vec_ext_v4di' needs target feature avx
decode.c: printf(" %.16llX", _mm256_extract_epi64(v, 1));
decode.c: ^
decode.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/avxintrin.h:2024:14: note: expanded from macro '_mm256_extract_epi64'
decode.c: (long long)__builtin_ia32_vec_ext_v4di((__v4di)(__m256i)(X), (int)(N))
decode.c: ^
decode.c: decode.c:305:21: error: '__builtin_ia32_vec_ext_v4di' needs target feature avx
decode.c: printf(" %.16llX", _mm256_extract_epi64(v, 2));
decode.c: ^
decode.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/avxintrin.h:2024:14: note: expanded from macro '_mm256_extract_epi64'
decode.c: (long long)__builtin_ia32_vec_ext_v4di((__v4di)(__m256i)(X), (int)(N))
decode.c: ^
decode.c: decode.c:306:23: error: '__builtin_ia32_vec_ext_v4di' needs target feature avx
decode.c: printf(" %.16llX\n", _mm256_extract_epi64(v, 3));
decode.c: ^
decode.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/avxintrin.h:2024:14: note: expanded from macro '_mm256_extract_epi64'
decode.c: (long long)__builtin_ia32_vec_ext_v4di((__v4di)(__m256i)(X), (int)(N))
decode.c: ^
decode.c: 4 errors generated.

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:ches2021
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:ches2021
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:ches2021
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:ches2021

Compiler output

Implementation: T:ches2021
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE

decode.c: decode.c: In function 'dump1':
decode.c: decode.c:301:6: note: the ABI for passing parameters with 32-byte alignment has changed in GCC 4.6
decode.c: 301 | void dump1(__m256i v)
decode.c: | ^~~~~
decode.c: decode.c: In function 'find_err1':
decode.c: decode.c:351:11: warning: AVX vector return without AVX enabled changes the ABI [-Wpsabi]
decode.c: 351 | buf[j] = LOAD(&syndrome->qw[4 * j]);
decode.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/10/include/immintrin.h:51,
decode.c: from x86_64_intrinsic.h:20,
decode.c: from defs.h:106,
decode.c: from bike_defs.h:10,
decode.c: from types.h:15,
decode.c: from decode.h:17,
decode.c: from decode.c:39:
decode.c: gf2x.h: In function 'gf2x_mod_add':
decode.c: /usr/lib/gcc/x86_64-linux-gnu/10/include/avxintrin.h:926:1: error: inlining failed in call to 'always_inline' '_mm256_storeu_si256': target specific option mismatch
decode.c: 926 | _mm256_storeu_si256 (__m256i_u *__P, __m256i __A)
decode.c: | ^~~~~~~~~~~~~~~~~~~
decode.c: In file included from defs.h:106,
decode.c: from bike_defs.h:10,
decode.c: from types.h:15,
decode.c: from decode.h:17,
decode.c: from decode.c:39:
decode.c: x86_64_intrinsic.h:31:27: note: called from here
decode.c: 31 | # define STORE(mem, reg) _mm256_storeu_si256((void *)(mem), (reg))
decode.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:

Compiler	Implementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:ches2021
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:ches2021
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:ches2021
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE	T:ches2021