Implementation notes: amd64, panther, crypto_kem/frodokem976

Computer: panther
Microarchitecture: amd64; Tiger Lake (806c1)
Architecture: amd64
CPU ID: GenuineIntel-000806c1-00-bfebfbff
SUPERCOP version: 20240808
Operation: crypto_kem
Primitive: frodokem976

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
4805755	52078 0 8	70347 860 1784	`T:optimized`	`gcc_-march=native_-mtune=native_-O3_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
5041060	188211 0 0	70587 860 1784	`T:x64`	`gcc_-march=native_-mtune=native_-O3_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
5099797	145207 0 0	83875 892 1752	`T:x64`	`clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
5184404	136084 0 0	75059 892 1752	`T:x64`	`clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
5279315	67703 0 8	85139 892 1752	`T:optimized`	`clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
5366965	60682 0 8	77683 892 1752	`T:optimized`	`clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
6141605	30903 0 8	49339 892 1752	`T:optimized`	`clang_-mcpu=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
7100882	79952 0 0	29441 884 1752	`T:x64`	`clang_-march=native_-Os_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
7135269	11893 0 8	29393 884 1752	`T:optimized`	`clang_-march=native_-Os_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
9618783	79729 0 0	29729 884 1752	`T:x64`	`clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
9690201	91186 0 0	33691 860 1784	`T:x64`	`gcc_-march=native_-mtune=native_-O2_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
11611506	83807 0 0	30227 860 1784	`T:x64`	`gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
13041541	82191 0 0	27827 852 1752	`T:x64`	`gcc_-march=native_-mtune=native_-Os_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
23039233	12391 0 8	29601 884 1752	`T:optimized`	`clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
30793223	46784 38 8	65027 908 1784	`T:reference`	`gcc_-march=native_-mtune=native_-O3_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
31582557	15025 0 8	33435 860 1784	`T:optimized`	`gcc_-march=native_-mtune=native_-O2_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
37440260	10671 0 8	27635 852 1752	`T:optimized`	`gcc_-march=native_-mtune=native_-Os_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
39999285	69567 24 8	88051 924 1752	`T:reference`	`clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
40338482	67914 24 8	85963 924 1752	`T:reference`	`clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
40696951	12123 0 8	30083 860 1784	`T:optimized`	`gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
51407396	11467 24 8	28953 916 1752	`T:reference`	`clang_-march=native_-Os_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
52220755	28247 24 8	47219 924 1752	`T:reference`	`clang_-mcpu=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
52696762	11919 24 8	29089 916 1752	`T:reference`	`clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
53423935	14291 38 8	32739 908 1784	`T:reference`	`gcc_-march=native_-mtune=native_-O2_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
57927729	11562 38 8	29491 908 1784	`T:reference`	`gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716
61705791	10069 38 8	27075 900 1752	`T:reference`	`gcc_-march=native_-mtune=native_-Os_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240721	20240716

Compiler output

KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:146:9: error: always_inline function '_mm256_loadu_si256' requires target feature 'avx', but would be inlined into function 'KeccakP1600times4_AddLanesAll' that is compiled without support for 'avx'
KeccakP-1600-times4-SIMD256.c:         Xor_In4( 0 );
KeccakP-1600-times4-SIMD256.c:         ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:135:42: note: expanded from macro 'Xor_In4'
KeccakP-1600-times4-SIMD256.c:     #define Xor_In4( argIndex ) lanes0 = LOAD256u( curData0[argIndex]),\
KeccakP-1600-times4-SIMD256.c:                                          ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:44:37: note: expanded from macro 'LOAD256u'
KeccakP-1600-times4-SIMD256.c:     #define LOAD256u(a)             _mm256_loadu_si256((const V256 *)&(a))
KeccakP-1600-times4-SIMD256.c:                                     ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:146:9: error: AVX vector return of type '__m256i' (vector of 4 'long long' values) without 'avx' enabled changes the ABI
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:135:42: note: expanded from macro 'Xor_In4'
KeccakP-1600-times4-SIMD256.c:     #define Xor_In4( argIndex ) lanes0 = LOAD256u( curData0[argIndex]),\
KeccakP-1600-times4-SIMD256.c:                                          ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:44:37: note: expanded from macro 'LOAD256u'
KeccakP-1600-times4-SIMD256.c:     #define LOAD256u(a)             _mm256_loadu_si256((const V256 *)&(a))
KeccakP-1600-times4-SIMD256.c:                                     ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:146:9: error: always_inline function '_mm256_loadu_si256' requires target feature 'avx', but would be inlined into function 'KeccakP1600times4_AddLanesAll' that is compiled without support for 'avx'
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:136:42: note: expanded from macro 'Xor_In4'
KeccakP-1600-times4-SIMD256.c:                                 lanes1 = LOAD256u( curData1[argIndex]),\
KeccakP-1600-times4-SIMD256.c:                                          ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:44:37: note: expanded from macro 'LOAD256u'
KeccakP-1600-times4-SIMD256.c:     #define LOAD256u(a)             _mm256_loadu_si256((const V256 *)&(a))
KeccakP-1600-times4-SIMD256.c:                                     ^
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:146:9: error: AVX vector return of type '__m256i' (vector of 4 'long long' values) without 'avx' enabled changes the ABI
KeccakP-1600-times4-SIMD256.c: KeccakP-1600-times4-SIMD256.c:136:42: note: expanded from macro 'Xor_In4'
KeccakP-1600-times4-SIMD256.c: ...

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`T:x64`	`clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

Namespace violations

aes.o AES128_free_schedule T
aes.o AES256_free_schedule T
aes.o handleErrors T
aes_c.o aes128_enc_c T
aes_c.o aes128_load_schedule_c T
aes_c.o aes256_enc_c T
aes_c.o aes256_load_schedule_c T
fips202.o KeccakF1600_StatePermute T
fips202.o cshake128_simple T
fips202.o cshake128_simple_absorb T
fips202.o cshake128_simple_squeezeblocks T
fips202.o cshake256_simple T
fips202.o cshake256_simple_absorb T
fips202.o cshake256_simple_squeezeblocks T
fips202.o shake128 T
fips202.o shake128_absorb T
fips202.o shake128_squeezeblocks T
fips202.o shake256 T
fips202.o shake256_absorb T
fips202.o shake256_squeezeblocks T
frodo976.o CDF_TABLE R
frodo976.o CDF_TABLE_LEN R
frodo976.o frodo_add T
frodo976.o frodo_key_decode T
frodo976.o frodo_key_encode T
frodo976.o frodo_mul_add_as_plus_e T
frodo976.o frodo_mul_add_sa_plus_e T
frodo976.o frodo_mul_add_sb_plus_e T
frodo976.o frodo_mul_bs T
frodo976.o frodo_sample_n T
frodo976.o frodo_sub T
util.o clear_words T
util.o frodo_pack T
util.o frodo_unpack T

Number of similar (implementation,compiler) pairs: 9, namely:

Implementation	Compiler
`T:optimized`	`clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`T:optimized`	`clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`T:optimized`	`clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`T:optimized`	`clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`T:optimized`	`clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`T:optimized`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`T:optimized`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`T:optimized`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`T:optimized`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`

Namespace violations

aes.o AES128_free_schedule T
aes.o AES256_free_schedule T
aes.o handleErrors T
aes_c.o aes128_enc_c T
aes_c.o aes128_load_schedule_c T
aes_c.o aes256_enc_c T
aes_c.o aes256_load_schedule_c T
fips202.o KeccakF1600_StatePermute T
fips202.o cshake128_simple T
fips202.o cshake128_simple_absorb T
fips202.o cshake128_simple_squeezeblocks T
fips202.o cshake256_simple T
fips202.o cshake256_simple_absorb T
fips202.o cshake256_simple_squeezeblocks T
fips202.o shake128 T
fips202.o shake128_absorb T
fips202.o shake128_squeezeblocks T
fips202.o shake256 T
fips202.o shake256_absorb T
fips202.o shake256_squeezeblocks T
frodo976.o CDF_TABLE D
frodo976.o CDF_TABLE_LEN D
frodo976.o frodo_add T
frodo976.o frodo_key_decode T
frodo976.o frodo_key_encode T
frodo976.o frodo_mul_add_as_plus_e T
frodo976.o frodo_mul_add_sa_plus_e T
frodo976.o frodo_mul_add_sb_plus_e T
frodo976.o frodo_mul_bs T
frodo976.o frodo_sample_n T
frodo976.o frodo_sub T
util.o clear_words T
util.o frodo_pack T
util.o frodo_unpack T

Number of similar (implementation,compiler) pairs: 9, namely:

Implementation	Compiler
`T:reference`	`clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`T:reference`	`clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`T:reference`	`clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`T:reference`	`clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`T:reference`	`clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`T:reference`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`T:reference`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`T:reference`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`T:reference`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`

Namespace violations

KeccakP-1600-times4-SIMD256.o KeccakF1600times4_FastLoop_Absorb T
KeccakP-1600-times4-SIMD256.o KeccakP1600times4_12rounds_FastLoop_Absorb T
KeccakP-1600-times4-SIMD256.o KeccakP1600times4_AddBytes T
KeccakP-1600-times4-SIMD256.o KeccakP1600times4_AddLanesAll T
KeccakP-1600-times4-SIMD256.o KeccakP1600times4_ExtractAndAddBytes T
KeccakP-1600-times4-SIMD256.o KeccakP1600times4_ExtractAndAddLanesAll T
KeccakP-1600-times4-SIMD256.o KeccakP1600times4_ExtractBytes T
KeccakP-1600-times4-SIMD256.o KeccakP1600times4_ExtractLanesAll T
KeccakP-1600-times4-SIMD256.o KeccakP1600times4_InitializeAll T
KeccakP-1600-times4-SIMD256.o KeccakP1600times4_OverwriteBytes T
KeccakP-1600-times4-SIMD256.o KeccakP1600times4_OverwriteLanesAll T
KeccakP-1600-times4-SIMD256.o KeccakP1600times4_OverwriteWithZeroes T
KeccakP-1600-times4-SIMD256.o KeccakP1600times4_PermuteAll_12rounds T
KeccakP-1600-times4-SIMD256.o KeccakP1600times4_PermuteAll_24rounds T
aes.o AES_free_schedule T
aes.o handleErrors T
aes_ni.o aes128_dec_ni T
aes_ni.o aes128_enc_ni T
aes_ni.o aes128_load_schedule_ni T
aes_ni.o aes256_dec_ni T
aes_ni.o aes256_enc_ni T
aes_ni.o aes256_load_schedule_ni T
aes_ni.o aes_free_schedule_ni T
fips202.o KeccakF1600_StatePermute T
fips202.o cshake128_simple T
fips202.o cshake128_simple_absorb T
fips202.o cshake128_simple_squeezeblocks T
fips202.o cshake256_simple T
fips202.o cshake256_simple_absorb T
fips202.o cshake256_simple_squeezeblocks T
fips202.o shake128 T
fips202.o shake128_absorb T
fips202.o shake128_squeezeblocks T
fips202.o shake256 T
fips202.o shake256_absorb T
fips202.o shake256_squeezeblocks T
fips202x4.o cshake128_simple4x T
fips202x4.o cshake128_simple_absorb4x T
fips202x4.o cshake128_simple_squeezeblocks4x T
fips202x4.o cshake256_simple4x T
fips202x4.o cshake256_simple_absorb4x T
fips202x4.o cshake256_simple_squeezeblocks4x T
frodo976.o CDF_TABLE R
frodo976.o CDF_TABLE_LEN R
frodo976.o frodo_add T
frodo976.o frodo_key_decode T
frodo976.o frodo_key_encode T
frodo976.o frodo_mul_add_as_plus_e T
frodo976.o frodo_mul_add_sa_plus_e T
frodo976.o frodo_mul_add_sb_plus_e T
frodo976.o frodo_mul_bs T
frodo976.o frodo_sample_n T
frodo976.o frodo_sub T
util.o clear_words T
util.o frodo_pack T
util.o frodo_unpack T

Number of similar (implementation,compiler) pairs: 8, namely:

Implementation	Compiler
`T:x64`	`clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`T:x64`	`clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`T:x64`	`clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`T:x64`	`clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`T:x64`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`T:x64`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`T:x64`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`T:x64`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`