More SUPERCOP results


D. J. Bernstein

Nov 1, 2021, 1:31:25 PM
to pqc-...@list.nist.gov
Main news is a SABER AVX2 speedup submitted by the SABER team a few days
ago, integrated into supercop-20211031. Latest Haswell numbers here:

https://bench.cr.yp.to/results-kem.html#amd64-hiphop

All the usual caveats apply. My assessment of human-resource allocation
and overall optimization quality at this point is that implementors have
been (and still are) flooded with work for other platforms and that
further Haswell speedups would be unsurprising.

---Dan

P.S. Still working on SIKE integration, sorry. From preliminary
measurements of the code I've found, I'd say that the round-1 sikep503
numbers in SUPERCOP have been superseded but are in the right ballpark.

D. J. Bernstein

Nov 9, 2021, 12:30:32 AM
to pqc-...@list.nist.gov
Further updates to Haswell numbers, now from supercop-20211108:

https://bench.cr.yp.to/results-kem.html#amd64-hiphop

Main news is round-3 code for SIKE. Previously SUPERCOP had round-1
sikep503. The round-1 -> round-3 upgrade means

* keygen: 14886884 Haswell cycles -> 12038959 Haswell cycles
* enc: 24370012 Haswell cycles -> 19639073 Haswell cycles
* dec: 26016218 Haswell cycles -> 20987522 Haswell cycles

for sikep503 (in each case 1.24x faster), plus support for sikep434,
sikep610, sikep751, plus the compressed versions. See my latest eBATS
mailing-list message for details of the round-3 SIKE code integration.

This update also includes new Classic McEliece software. Compared to the
previous (June 2020) Classic McEliece software in SUPERCOP, this has the
new round-3 secret-key format, faster key generation, and full TIMECOP
support. This means that TIMECOP is now supported by Classic McEliece,
Dilithium, Kyber, NTRU, and NTRU Prime.

---Dan