Implementation notes: amd64, panther, crypto_sign/dilithium2

Computer: panther
Microarchitecture: amd64; Tiger Lake (806c1)
Architecture: amd64
CPU ID: GenuineIntel-000806c1-00-bfebfbff
SUPERCOP version: 20240716
Operation: crypto_sign
Primitive: dilithium2

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
323504	81679 64 0	103925 908 1784	`avx2`	`clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240717	20240716
326464	97322 64 0	119445 908 1784	`avx2`	`clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240717	20240716
331582	62777 64 0	81619 900 1752	`avx2`	`clang_-march=native_-Os_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240717	20240716
338166	59652 64 0	79395 900 1752	`avx2`	`clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240717	20240716
339070	89009 64 0	111400 860 1816	`avx2`	`gcc_-march=native_-mtune=native_-O3_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240717	20240716
341492	65849 64 0	86280 860 1816	`avx2`	`gcc_-march=native_-mtune=native_-O2_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240717	20240716
341564	58345 64 0	77208 852 1784	`avx2`	`gcc_-march=native_-mtune=native_-Os_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240717	20240716
345733	59764 64 0	79712 860 1816	`avx2`	`gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240717	20240716
1226590	42042 0 0	64368 788 1816	`ref`	`gcc_-march=native_-mtune=native_-O3_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240717	20240716
1271203	49748 0 0	71941 836 1784	`ref`	`clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240717	20240716
1310720	34183 0 0	56141 836 1752	`ref`	`clang_-mcpu=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240717	20240716
1321364	37176 0 0	59453 836 1784	`ref`	`clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240717	20240716
1324239	20395 0 0	40704 788 1816	`ref`	`gcc_-march=native_-mtune=native_-O2_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240717	20240716
1356031	18734 0 0	37819 828 1752	`ref`	`clang_-march=native_-Os_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240717	20240716
1362878	20013 0 0	39531 828 1752	`ref`	`clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240717	20240716
1538630	18775 0 0	38632 788 1816	`ref`	`gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240717	20240716
1570449	17700 0 0	36472 780 1784	`ref`	`gcc_-march=native_-mtune=native_-Os_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240717	20240716

Compiler output

fips202x4.c: fips202x4.c:22:12: error: always_inline function '_mm256_setzero_si256' requires target feature 'avx', but would be inlined into function 'keccakx4_absorb_once' that is compiled without support for 'avx'
fips202x4.c:     s[i] = _mm256_setzero_si256();
fips202x4.c:            ^
fips202x4.c: fips202x4.c:22:12: error: AVX vector return of type '__m256i' (vector of 4 'long long' values) without 'avx' enabled changes the ABI
fips202x4.c: fips202x4.c:24:9: error: always_inline function '_mm256_set_epi64x' requires target feature 'avx', but would be inlined into function 'keccakx4_absorb_once' that is compiled without support for 'avx'
fips202x4.c:   idx = _mm256_set_epi64x((long long)in3, (long long)in2, (long long)in1, (long long)in0);
fips202x4.c:         ^
fips202x4.c: fips202x4.c:24:9: error: AVX vector return of type '__m256i' (vector of 4 'long long' values) without 'avx' enabled changes the ABI
fips202x4.c: fips202x4.c:27:11: error: '__builtin_ia32_gatherq_q256' needs target feature avx2
fips202x4.c:       t = _mm256_i64gather_epi64((long long *)pos, idx, 1);
fips202x4.c:           ^
fips202x4.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/avx2intrin.h:1140:12: note: expanded from macro '_mm256_i64gather_epi64'
fips202x4.c:   (__m256i)__builtin_ia32_gatherq_q256((__v4di)_mm256_undefined_si256(), \
fips202x4.c:            ^
fips202x4.c: fips202x4.c:27:11: error: always_inline function '_mm256_undefined_si256' requires target feature 'avx', but would be inlined into function 'keccakx4_absorb_once' that is compiled without support for 'avx'
fips202x4.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/avx2intrin.h:1140:48: note: expanded from macro '_mm256_i64gather_epi64'
fips202x4.c:   (__m256i)__builtin_ia32_gatherq_q256((__v4di)_mm256_undefined_si256(), \
fips202x4.c:                                                ^
fips202x4.c: fips202x4.c:27:11: error: AVX vector return of type '__m256i' (vector of 4 'long long' values) without 'avx' enabled changes the ABI
fips202x4.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/avx2intrin.h:1140:48: note: expanded from macro '_mm256_i64gather_epi64'
fips202x4.c:   (__m256i)__builtin_ia32_gatherq_q256((__v4di)_mm256_undefined_si256(), \
fips202x4.c:                                                ^
fips202x4.c: fips202x4.c:27:11: error: always_inline function '_mm256_set1_epi64x' requires target feature 'avx', but would be inlined into function 'keccakx4_absorb_once' that is compiled without support for 'avx'
fips202x4.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/avx2intrin.h:1143:48: note: expanded from macro '_mm256_i64gather_epi64'
fips202x4.c:                                        (__v4di)_mm256_set1_epi64x(-1), (s))
fips202x4.c: ...

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`avx2`	`clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x4028A0
   at 0x...: st32 (try-anything.c:47)
   by 0x...: core (try-anything.c:78)
   by 0x...: salsa20 (try-anything.c:101)
   by 0x...: testvector (try-anything.c:124)
   by 0x...: myrandom (try-anything.c:132)
   by 0x...: test (try.c:124)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 2, namely:

Implementation	Compiler
`avx2`	`clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`ref`	`clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x418A9B
   at 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex_ECRYPT_encrypt_bytes (u16mask.h:114)
   by 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex (include/estream-convert-api.h:83)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: crypto_sign_dilithium2_avx2_constbranchindex_keypair (sign.c:87)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`avx2`	`clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x40F41B
   at 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex_ECRYPT_encrypt_bytes (u16mask.h:114)
   by 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex (include/estream-convert-api.h:83)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: crypto_sign_dilithium2_avx2_constbranchindex_keypair (sign.c:87)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`avx2`	`clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x40228E
   at 0x...: core (try-anything.c:73)
   by 0x...: salsa20 (try-anything.c:101)
   by 0x...: testvector (try-anything.c:124)
   by 0x...: myrandom (try-anything.c:132)
   by 0x...: test (try.c:124)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 2, namely:

Implementation	Compiler
`avx2`	`clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`ref`	`clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10A539
   at 0x...: salsa20.part.0 (try-anything.c:102)
   by 0x...: salsa20 (try-anything.c:85)
   by 0x...: canary (try-anything.c:148)
   by 0x...: output_prepare (try-anything.c:178)
   by 0x...: test (try.c:127)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 2, namely:

Implementation	Compiler
`avx2`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`ref`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10A3DA
   at 0x...: st32 (try-anything.c:47)
   by 0x...: core (try-anything.c:78)
   by 0x...: salsa20 (try-anything.c:101)
   by 0x...: salsa20 (try-anything.c:81)
   by 0x...: testvector (try-anything.c:124)
   by 0x...: myrandom (try-anything.c:132)
   by 0x...: test (try.c:124)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 2, namely:

Implementation	Compiler
`avx2`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`ref`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x1173FB
   at 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex_ECRYPT_encrypt_bytes (u16mask.h:114)
   by 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex (include/estream-convert-api.h:83)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: crypto_sign_dilithium2_avx2_constbranchindex_keypair (sign.c:87)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`avx2`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x116BBB
   at 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex_ECRYPT_encrypt_bytes (u16mask.h:114)
   by 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex (include/estream-convert-api.h:83)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: crypto_sign_dilithium2_avx2_constbranchindex_keypair (sign.c:87)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`avx2`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x40DFAB
   at 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex_ECRYPT_encrypt_bytes (u16mask.h:114)
   by 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex (include/estream-convert-api.h:83)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: crypto_sign_dilithium2_ref_constbranchindex_keypair (sign.c:32)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`ref`	`clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x4069CB
   at 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex_ECRYPT_encrypt_bytes (u16mask.h:114)
   by 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex (include/estream-convert-api.h:83)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: crypto_sign_dilithium2_ref_constbranchindex_keypair (sign.c:32)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`ref`	`clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x40AA9B
   at 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex_ECRYPT_encrypt_bytes (u16mask.h:114)
   by 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex (include/estream-convert-api.h:83)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: crypto_sign_dilithium2_ref_constbranchindex_keypair (sign.c:32)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`ref`	`clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10E65B
   at 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex_ECRYPT_encrypt_bytes (u16mask.h:114)
   by 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex (include/estream-convert-api.h:83)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: crypto_sign_dilithium2_ref_constbranchindex_keypair (sign.c:32)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`ref`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10DF4B
   at 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex_ECRYPT_encrypt_bytes (u16mask.h:114)
   by 0x...: crypto_stream_chacha20_dolbeau_amd64_avx2_constbranchindex (include/estream-convert-api.h:83)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: crypto_sign_dilithium2_ref_constbranchindex_keypair (sign.c:32)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`ref`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`