Implementation notes: amd64, renoir, crypto_aead/deoxysii256v141

Computer: renoir
Microarchitecture: amd64; Zen 2 (860f01)
Architecture: amd64
CPU ID: AuthenticAMD-00860f01-178bfbff
SUPERCOP version: 20231107
Operation: crypto_aead
Primitive: deoxysii256v141

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
9830	36629 0 0	49579 756 1048	`T:aesni`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
9905	46701 0 0	62928 780 1080	`T:aesni`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
10008	43736 0 0	57887 772 1080	`T:aesni`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
10396	44522 0 0	59088 780 1080	`T:aesni`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
10573	44904 0 0	58342 804 1016	`T:aesni`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
10793	46817 0 0	62136 812 1048	`T:aesni`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
10831	44367 0 0	57590 804 1016	`T:aesni`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
10925	46817 0 0	61992 812 1048	`T:aesni`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
13066	177487 0 0	190814 804 1016	`T:aesnis`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
13096	181948 0 0	197368 812 1048	`T:aesnis`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
13124	181948 0 0	197496 812 1048	`T:aesnis`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
13187	177203 0 0	190214 804 1016	`T:aesnis`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
14538	163600 0 0	179856 780 1080	`T:aesnis`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
14762	157312 0 0	171888 780 1080	`T:aesnis`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
15203	146612 0 0	159563 756 1048	`T:aesnis`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
15670	158485 0 0	172631 772 1080	`T:aesnis`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
93896	121019 0 592	136064 812 1624	`T:bitslice`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
94302	121019 0 592	136192 812 1624	`T:bitslice`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
108889	145297 0 624	161440 780 1720	`T:bitslice`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
114356	120084 0 592	132774 804 1624	`T:bitslice`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
115320	123922 0 624	138368 780 1720	`T:bitslice`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
116973	122987 0 592	135990 804 1624	`T:bitslice`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
123673	213250 0 624	227368 780 1720	`T:bitslice`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
137676	117391 0 624	130203 756 1688	`T:bitslice`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
512534	33478 0 592	47078 804 1624	`T:table`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
574082	35033 0 592	51176 812 1624	`T:table`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
577416	35033 0 592	51048 812 1624	`T:table`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
673327	35918 0 592	52264 812 1624	`T:table`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
821648	38619 0 624	54920 780 1720	`T:table`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
833659	36392 0 624	51016 780 1720	`T:table`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
870494	24540 0 0	40552 812 1048	`T:ref`	`clang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
1259201	29890 0 0	46160 780 1080	`T:ref`	`gcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
1353663	27180 0 0	43560 812 1016	`T:ref`	`clang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
1358484	26460 0 0	42616 812 1048	`T:ref`	`clang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
1379977	33860 0 592	47830 804 1624	`T:table`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
1405828	36134 0 624	50440 780 1720	`T:table`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
1409186	34005 0 624	46995 756 1688	`T:table`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
2772467	26326 0 0	40928 780 1080	`T:ref`	`gcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
3409334	23502 0 0	37110 804 1016	`T:ref`	`clang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122
4973866	23365 0 0	36347 756 1048	`T:ref`	`gcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
5007827	25461 0 0	39720 780 1080	`T:ref`	`gcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE`	20230521	20221122
5162593	23362 0 0	37342 804 1016	`T:ref`	`clang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE`	20230521	20221122

Compiler output

Implementation: T:aesni
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

deoxys.c: deoxys.c:104:11: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: tmp = permute( tmp, H_PERMUTATION );
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:112:3: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: TWEAKEY_SCHEDULE3( tsubkeys1,tsubkeys2,subkeys, key);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:43:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( subkeys1[ 0], subkeys1[ 1], subkeys2[ 0], subkeys2[ 1] ); ts[ 1] = xor( xor(subkeys1[ 1],subkeys2[ 1]), RCONS[ 1] ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:34:16: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key1 = permute( new_key1, H_PERMUTATION);\
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:112:3: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:43:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( subkeys1[ 0], subkeys1[ 1], subkeys2[ 0], subkeys2[ 1] ); ts[ 1] = xor( xor(subkeys1[ 1],subkeys2[ 1]), RCONS[ 1] ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:35:16: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key2 = permute( new_key2, H_PERMUTATION);
deoxys.c: ^
deoxys.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:aesni

Compiler output

Implementation: T:aesnis
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

deoxys.c: deoxys.c:84:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: TWEAKEY_SCHEDULE3( subkeys, key, tmp,tmp2,tmp3,tmp4 );
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:40:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( tmp1, tmp2, tmp3, tmp4 ); subkeys[ 1] = xor( xor(tmp2,tmp4), RCONST( 1) ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:33:16: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key1 = permute( new_key1, H_PERMUTATION);\
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:84:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:40:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( tmp1, tmp2, tmp3, tmp4 ); subkeys[ 1] = xor( xor(tmp2,tmp4), RCONST( 1) ); \
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:34:16: note: expanded from macro 'ONE_KEY_ROUND'
deoxys.c: new_key2 = permute( new_key2, H_PERMUTATION);
deoxys.c: ^
deoxys.c: ./tweakable-cipher.macros:7:22: note: expanded from macro 'permute'
deoxys.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxys.c: ^
deoxys.c: deoxys.c:84:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'deoxys_aead_encrypt' that is compiled without support for 'ssse3'
deoxys.c: ./tweakable-cipher.macros:41:3: note: expanded from macro 'TWEAKEY_SCHEDULE3'
deoxys.c: ONE_KEY_ROUND( tmp2, tmp1, tmp4, tmp3 ); subkeys[ 2] = xor( xor(tmp1,tmp3), RCONST( 2) ); \
deoxys.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:aesnis

Compiler output

Implementation: T:bitslice
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE

deoxysBCii256.c: deoxysBCii256.c:237:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'DeoxysEncrypt_Auth' that is compiled without support for 'ssse3'
deoxysBCii256.c: packing(a);
deoxysBCii256.c: ^
deoxysBCii256.c: ./deoxysii256.macros:473:14: note: expanded from macro 'packing'
deoxysBCii256.c: (x)[0] = shuffle_pack((x)[0]);\
deoxysBCii256.c: ^
deoxysBCii256.c: ./deoxysii256.macros:32:25: note: expanded from macro 'shuffle_pack'
deoxysBCii256.c: #define shuffle_pack(a) permute(a, SET8(15,11,7,3,14,10,6,2,13,9,5,1,12,8,4,0) )
deoxysBCii256.c: ^
deoxysBCii256.c: ./deoxysii256.macros:31:25: note: expanded from macro 'permute'
deoxysBCii256.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxysBCii256.c: ^
deoxysBCii256.c: deoxysBCii256.c:237:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'DeoxysEncrypt_Auth' that is compiled without support for 'ssse3'
deoxysBCii256.c: ./deoxysii256.macros:474:14: note: expanded from macro 'packing'
deoxysBCii256.c: (x)[1] = shuffle_pack((x)[1]);\
deoxysBCii256.c: ^
deoxysBCii256.c: ./deoxysii256.macros:32:25: note: expanded from macro 'shuffle_pack'
deoxysBCii256.c: #define shuffle_pack(a) permute(a, SET8(15,11,7,3,14,10,6,2,13,9,5,1,12,8,4,0) )
deoxysBCii256.c: ^
deoxysBCii256.c: ./deoxysii256.macros:31:25: note: expanded from macro 'permute'
deoxysBCii256.c: #define permute(a,b) _mm_shuffle_epi8(a,b)
deoxysBCii256.c: ^
deoxysBCii256.c: deoxysBCii256.c:237:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'DeoxysEncrypt_Auth' that is compiled without support for 'ssse3'
deoxysBCii256.c: ./deoxysii256.macros:475:14: note: expanded from macro 'packing'
deoxysBCii256.c: (x)[2] = shuffle_pack((x)[2]);\
deoxysBCii256.c: ...

Number of similar (compiler,implementation) pairs: 1, namely:

Compiler	Implementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE	T:bitslice