PQClean Integration (#76)
* hashing benchmarks

* some more refactoring

* sample benchmarks

* sample benchmarks

* namespacing for pqclean

* namespacing in testvectors on host

* Integrate PQClean's AES into pqm4

* Fix path for host sources in Makefile

* Update mupq

* Fix bug in testvectors AES-128

* Add optimized AES-192/256 implementations.

Round-2-Kyber will use this.
Everything is put into separate sections such that the linker with
gc-sections will successfully throw out an AES instance (or all of them)
whenever it is not used by a scheme.

* Update mupq

* fix incremental keccak implementation

* added benchmarks for ntruhps2048509 and sphincs-shake256-128f-simple

* make frodo scheme naming consistent with PQClean (breaks testvectors)

* rename frodo in benchmark results
mkannwischer authored Apr 17, 2019
1 parent c206aa6 commit d3d19d2
Showing 29 changed files with 1,359 additions and 1,026 deletions.
19 changes: 10 additions & 9 deletions Makefile
Expand Up @@ -30,9 +30,9 @@ LDFLAGS_HOST =
# override as desired
TYPE=kem

COMMONSOURCES=mupq/common/fips202.c mupq/common/sha2.c mupq/common/aes.c mupq/common/rijndael.c
COMMONSOURCES_HOST=$(COMMONSOURCES) mupq/common/keccakf1600.c
COMMONSOURCES_M4=$(COMMONSOURCES) common/keccakf1600.S
COMMONSOURCES=mupq/common/fips202.c mupq/common/sha2.c
COMMONSOURCES_HOST=$(COMMONSOURCES) mupq/common/keccakf1600.c mupq/pqclean/common/aes.c
COMMONSOURCES_M4=$(COMMONSOURCES) common/keccakf1600.S mupq/common/aes.c common/aes.S

COMMONINCLUDES=-I"mupq/common"
COMMONINCLUDES_M4=$(COMMONINCLUDES) -I"common"
Expand All @@ -52,14 +52,15 @@ all:
@echo "Please use the scripts in this directory instead of using the Makefile"
@echo
@echo "If you really want to use it, please specify IMPLEMENTATION_PATH=path/to/impl"
@echo "and a target binary."
@echo "and a target binary, e.g.,"
@echo "make IMPLEMENTATION_PATH=crypto_kem/kyber768/m4 bin/crypto_kem_kyber768_m4_test.bin"
@echo "make clean also works"

$(DEST_HOST)/%_testvectors: $(COMMONSOURCES_HOST) $(IMPLEMENTATION_SOURCES) $(IMPLEMENTATION_HEADERS)
mkdir -p $(DEST_HOST)
$(CC_HOST) -o $@ \
$(CFLAGS_HOST) \
crypto_$(TYPE)/testvectors-host.c \
$(CFLAGS_HOST) -DMUPQ_NAMESPACE=$(MUPQ_NAMESPACE)\
mupq/crypto_$(TYPE)/testvectors-host.c \
$(COMMONSOURCES_HOST) \
$(IMPLEMENTATION_SOURCES) \
-I$(IMPLEMENTATION_PATH) \
Expand All @@ -76,19 +77,19 @@ $(DEST)/%.bin: elf/%.elf
# TODO use notrandombytes more generically rather than included in testvectors.c
elf/$(TARGET_NAME)_%.elf: mupq/crypto_$(TYPE)/%.c $(COMMONSOURCES_M4) $(RANDOMBYTES_M4) $(IMPLEMENTATION_SOURCES) $(IMPLEMENTATION_HEADERS) $(OPENCM3FILE) common/hal-stm32f4.c
mkdir -p elf
$(CC) -o $@ $(CFLAGS) \
$(CC) -o $@ $(CFLAGS) -DMUPQ_NAMESPACE=$(MUPQ_NAMESPACE) \
$< $(COMMONSOURCES_M4) $(RANDOMBYTES_M4) $(IMPLEMENTATION_SOURCES) common/hal-stm32f4.c \
-I$(IMPLEMENTATION_PATH) $(COMMONINCLUDES_M4) $(LDFLAGS)

elf/$(TARGET_NAME)_testvectors.elf: mupq/crypto_$(TYPE)/testvectors.c $(COMMONSOURCES_M4) $(IMPLEMENTATION_SOURCES) $(IMPLEMENTATION_HEADERS) $(OPENCM3FILE) common/hal-stm32f4.c
mkdir -p elf
$(CC) -o $@ $(CFLAGS) \
$(CC) -o $@ $(CFLAGS) -DMUPQ_NAMESPACE=$(MUPQ_NAMESPACE)\
$< $(COMMONSOURCES_M4) $(IMPLEMENTATION_SOURCES) common/hal-stm32f4.c \
-I$(IMPLEMENTATION_PATH) $(COMMONINCLUDES_M4) $(LDFLAGS)

elf/$(TARGET_NAME)_hashing.elf: mupq/crypto_$(TYPE)/hashing.c $(COMMONSOURCES_M4) $(IMPLEMENTATION_SOURCES) $(IMPLEMENTATION_HEADERS) $(OPENCM3FILE) common/hal-stm32f4.c
mkdir -p elf
$(CC) -o $@ $(CFLAGS) -DPROFILE_HASHING \
$(CC) -o $@ $(CFLAGS) -DPROFILE_HASHING -DMUPQ_NAMESPACE=$(MUPQ_NAMESPACE) \
$< $(COMMONSOURCES_M4) $(RANDOMBYTES_M4) $(IMPLEMENTATION_SOURCES) common/hal-stm32f4.c \
-I$(IMPLEMENTATION_PATH) $(COMMONINCLUDES_M4) $(LDFLAGS)

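Review bot: In the `$(DEST_HOST)/%_testvectors` and `elf/$(TARGET_NAME)_testvectors.elf` recipes the new `-DMUPQ_NAMESPACE=$(MUPQ_NAMESPACE)\` has no space before the line-continuation backslash, unlike the other two recipes that gained the flag. Make strips only the recipe-prefix tab from the continuation line and the shell deletes the backslash-newline pair, so if that line carries no further indentation (which this rendering does not show) the macro value fuses with the following source path and that file drops out of the compile; write `$(CFLAGS_HOST) -DMUPQ_NAMESPACE=$(MUPQ_NAMESPACE) \` and `$(CC) -o $@ $(CFLAGS) -DMUPQ_NAMESPACE=$(MUPQ_NAMESPACE) \`. `MUPQ_NAMESPACE` is not assigned in the visible hunks and the example invocation printed by `all` does not pass it, so it is worth confirming that an empty value is intended for a manual build, or rejecting it with `$(error ...)`. Since host binaries now link `mupq/pqclean/common/aes.c` while M4 binaries link `mupq/common/aes.c` plus `common/aes.S`, a comment above `COMMONSOURCES_HOST` saying the split is deliberate would help anyone comparing host and target test vectors.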
27 changes: 15 additions & 12 deletions benchmarks.csv
@@ -1,9 +1,9 @@
Speed Evaluation,,,,,,,,,,
Key Encapsulation Schemes,,,,,,,,,,
Scheme,Implementation,Key Generation [cycles] (mean),Key Generation [cycles] (min),Key Generation [cycles] (max),Encapsulation [cycles] (mean),Encapsulation [cycles] (min),Encapsulation [cycles] (max),Decapsulation [cycles] (mean),Decapsulation [cycles] (min),Decapsulation [cycles] (max)
frodo640-aes (100 executions),m4,220307317,220241077,220386311,223739226,223672948,223818372,218784713,218718418,218863869
frodo640-cshake (100 executions),m4,81905542,81905542,81905542,86239829,86239829,86239829,86385540,86385540,86385540
frodo640-cshake (100 executions),opt,94173002,94173002,94173002,107084620,107084620,107084620,107482437,107482437,107482437
frodokem640aes (100 executions),m4,220307317,220241077,220386311,223739226,223672948,223818372,218784713,218718418,218863869
frodokem640cshake (100 executions),m4,81905542,81905542,81905542,86239829,86239829,86239829,86385540,86385540,86385540
frodokem640cshake (100 executions),opt,94173002,94173002,94173002,107084620,107084620,107084620,107482437,107482437,107482437
kyber1024 (100 executions),m4,1729819,1729068,1730683,2083028,2082278,2083893,2134685,2133934,2135550
kyber1024 (100 executions),ref,1957251,1956503,1958004,2463004,2462257,2463758,2663791,2663043,2664544
kyber512 (100 executions),m4,665609,665182,665980,903352,902925,903723,933528,933102,933900
Expand All @@ -12,6 +12,7 @@ kyber768 (100 executions),m4,1098604,1098197,1099128,1384549,1384141,1385073,141
kyber768 (100 executions),ref,1269336,1268667,1270035,1677026,1676357,1677725,1827734,1827065,1828433
newhope1024cca (100 executions),m4,1220539,1220182,1220822,1902086,1901730,1902370,1925924,1925566,1926207
newhope1024cca (100 executions),ref,1466552,1466131,1466899,2273026,2272605,2273374,2421633,2421212,2421980
ntruhps2048509 (100 executions),clean,111432235,111432235,111432235,2879179,2879179,2879179,7230769,7230769,7230769
ntruhrss701 (100 executions),m4,145962064,145962064,145962064,403677,403677,403677,819323,819323,819323
ntruhrss701 (100 executions),ref,189381286,189381286,189381286,4655513,4655513,4655513,13571758,13571758,13571758
saber (100 executions),m4,894655,894655,894655,1161220,1161220,1161220,1204173,1204173,1204173
Expand All @@ -25,14 +26,14 @@ dilithium (100 executions),ref,2755209,2754546,2756003,15593609,5001347,47568719
qTesla-I (100 executions),ref,16181905,7759886,55665081,6528971,1408282,38101487,1038204,1031357,1066061
qTesla-III-size (100 executions),ref,52911984,22057621,147552103,25535653,3263517,85027845,2268587,2263927,2296947
qTesla-III-speed (100 executions),ref,34440396,19783861,112913102,10958955,3242541,39136486,2197445,2187892,2228424
sphincs-shake256-128s (2 executions),ref,4036930116,4036930116,4036930116,56077640588,56077424990,56077856186,67353629,67137935,67569323
sphincs-shake256-128f-simple (1 executions),clean,65678196,65678196,65678196,2070781593,2070781593,2070781593,83111329,83111329,83111329

Memory Evaluation,,,,,,,,,,
Key Encapsulation Schemes,,,,,,,,,,
Scheme,Implementation,Key Generation [bytes],Encapsulation [bytes],Decapsulation [bytes],,,,,,
frodo640-aes,m4,31240,51568,61944,,,,,,
frodo640-cshake,m4,26304,41504,51880,,,,,,
frodo640-cshake,opt,36560,58272,68640,,,,,,
frodokem640aes,m4,31240,51568,61944,,,,,,
frodokem640cshake,m4,26304,41504,51880,,,,,,
frodokem640cshake,opt,36560,58272,68640,,,,,,
kyber1024,m4,15664,19352,20864,,,,,,
kyber1024,ref,15664,19352,20864,,,,,,
kyber512,m4,6456,9120,9928,,,,,,
Expand All @@ -41,6 +42,7 @@ kyber768,m4,10544,13720,14880,,,,,,
kyber768,ref,10544,13720,14880,,,,,,
newhope1024cca,m4,11152,17448,19680,,,,,,
newhope1024cca,ref,11152,17448,19680,,,,,,
ntruhps2048509,clean,11768,6920,5184,,,,,,
ntruhrss701,m4,23396,19492,22140,,,,,,
ntruhrss701,ref,10032,8956,10204,,,,,,
saber,m4,13248,15528,16624,,,,,,
Expand All @@ -54,14 +56,14 @@ dilithium,ref,50896,86752,54936,,,,,,
qTesla-I,ref,22512,29336,23128,,,,,,
qTesla-III-size,ref,44016,58152,45732,,,,,,
qTesla-III-speed,ref,44024,58144,45712,,,,,,
sphincs-shake256-128s,ref,2936,3064,10800,,,,,,
sphincs-shake256-128f-simple,clean,2200,2304,2664,,,,,,

Hashing Evaluation,,,,,,,,,,
Key Encapsulation Schemes,,,,,,,,,,
Scheme,Implementation,Key Generation [%],Encapsulation [%],Decapsulation [%],,,,,,
frodo640-aes,m4,96.4,95.3,95.2,,,,,,
frodo640-cshake,m4,90.4,88.9,88.7,,,,,,
frodo640-cshake,opt,79.8,71.6,71.3,,,,,,
frodokem640aes,m4,96.4,95.3,95.2,,,,,,
frodokem640cshake,m4,90.4,88.9,88.7,,,,,,
frodokem640cshake,opt,79.8,71.6,71.3,,,,,,
kyber1024,m4,69.3,67.5,58.7,,,,,,
kyber1024,ref,61.3,57.1,47.0,,,,,,
kyber512,m4,68.3,66.2,54.4,,,,,,
Expand All @@ -70,6 +72,7 @@ kyber768,m4,68.9,66.8,56.3,,,,,,
kyber768,ref,59.6,55.2,43.6,,,,,,
newhope1024cca,m4,71.2,70.3,59.5,,,,,,
newhope1024cca,ref,59.3,58.9,47.4,,,,,,
ntruhps2048509,clean,0.0,0.9,1.4,,,,,,
ntruhrss701,m4,0.1,26.5,8.2,,,,,,
ntruhrss701,ref,0.0,2.3,0.5,,,,,,
saber,m4,53.1,52.9,41.5,,,,,,
Expand All @@ -83,4 +86,4 @@ dilithium,ref,61.4,25.4,50.8,,,,,,
qTesla-I,ref,63.5,27.8,32.4,,,,,,
qTesla-III-size,ref,66.2,23.0,27.5,,,,,,
qTesla-III-speed,ref,73.3,24.1,28.3,,,,,,
sphincs-shake256-128s,ref,97.3,97.0,97.2,,,,,,
sphincs-shake256-128f-simple,clean,96.4,96.2,99.1,,,,,,
27 changes: 15 additions & 12 deletions benchmarks.md
Expand Up @@ -2,9 +2,9 @@
## Key Encapsulation Schemes
| scheme | implementation | key generation [cycles] | encapsulation [cycles] | decapsulation [cycles] |
| ------ | -------------- | ----------------------- | ---------------------- | ---------------------- |
| frodo640-aes (100 executions) | m4 | AVG: 220,307,317 <br /> MIN: 220,241,077 <br /> MAX: 220,386,311 | AVG: 223,739,226 <br /> MIN: 223,672,948 <br /> MAX: 223,818,372 | AVG: 218,784,713 <br /> MIN: 218,718,418 <br /> MAX: 218,863,869 |
| frodo640-cshake (100 executions) | m4 | AVG: 81,905,542 <br /> MIN: 81,905,542 <br /> MAX: 81,905,542 | AVG: 86,239,829 <br /> MIN: 86,239,829 <br /> MAX: 86,239,829 | AVG: 86,385,540 <br /> MIN: 86,385,540 <br /> MAX: 86,385,540 |
| frodo640-cshake (100 executions) | opt | AVG: 94,173,002 <br /> MIN: 94,173,002 <br /> MAX: 94,173,002 | AVG: 107,084,620 <br /> MIN: 107,084,620 <br /> MAX: 107,084,620 | AVG: 107,482,437 <br /> MIN: 107,482,437 <br /> MAX: 107,482,437 |
| frodokem640aes (100 executions) | m4 | AVG: 220,307,317 <br /> MIN: 220,241,077 <br /> MAX: 220,386,311 | AVG: 223,739,226 <br /> MIN: 223,672,948 <br /> MAX: 223,818,372 | AVG: 218,784,713 <br /> MIN: 218,718,418 <br /> MAX: 218,863,869 |
| frodokem640cshake (100 executions) | m4 | AVG: 81,905,542 <br /> MIN: 81,905,542 <br /> MAX: 81,905,542 | AVG: 86,239,829 <br /> MIN: 86,239,829 <br /> MAX: 86,239,829 | AVG: 86,385,540 <br /> MIN: 86,385,540 <br /> MAX: 86,385,540 |
| frodokem640cshake (100 executions) | opt | AVG: 94,173,002 <br /> MIN: 94,173,002 <br /> MAX: 94,173,002 | AVG: 107,084,620 <br /> MIN: 107,084,620 <br /> MAX: 107,084,620 | AVG: 107,482,437 <br /> MIN: 107,482,437 <br /> MAX: 107,482,437 |
| kyber1024 (100 executions) | m4 | AVG: 1,729,819 <br /> MIN: 1,729,068 <br /> MAX: 1,730,683 | AVG: 2,083,028 <br /> MIN: 2,082,278 <br /> MAX: 2,083,893 | AVG: 2,134,685 <br /> MIN: 2,133,934 <br /> MAX: 2,135,550 |
| kyber1024 (100 executions) | ref | AVG: 1,957,251 <br /> MIN: 1,956,503 <br /> MAX: 1,958,004 | AVG: 2,463,004 <br /> MIN: 2,462,257 <br /> MAX: 2,463,758 | AVG: 2,663,791 <br /> MIN: 2,663,043 <br /> MAX: 2,664,544 |
| kyber512 (100 executions) | m4 | AVG: 665,609 <br /> MIN: 665,182 <br /> MAX: 665,980 | AVG: 903,352 <br /> MIN: 902,925 <br /> MAX: 903,723 | AVG: 933,528 <br /> MIN: 933,102 <br /> MAX: 933,900 |
Expand All @@ -13,6 +13,7 @@
| kyber768 (100 executions) | ref | AVG: 1,269,336 <br /> MIN: 1,268,667 <br /> MAX: 1,270,035 | AVG: 1,677,026 <br /> MIN: 1,676,357 <br /> MAX: 1,677,725 | AVG: 1,827,734 <br /> MIN: 1,827,065 <br /> MAX: 1,828,433 |
| newhope1024cca (100 executions) | m4 | AVG: 1,220,539 <br /> MIN: 1,220,182 <br /> MAX: 1,220,822 | AVG: 1,902,086 <br /> MIN: 1,901,730 <br /> MAX: 1,902,370 | AVG: 1,925,924 <br /> MIN: 1,925,566 <br /> MAX: 1,926,207 |
| newhope1024cca (100 executions) | ref | AVG: 1,466,552 <br /> MIN: 1,466,131 <br /> MAX: 1,466,899 | AVG: 2,273,026 <br /> MIN: 2,272,605 <br /> MAX: 2,273,374 | AVG: 2,421,633 <br /> MIN: 2,421,212 <br /> MAX: 2,421,980 |
| ntruhps2048509 (100 executions) | clean | AVG: 111,432,235 <br /> MIN: 111,432,235 <br /> MAX: 111,432,235 | AVG: 2,879,179 <br /> MIN: 2,879,179 <br /> MAX: 2,879,179 | AVG: 7,230,769 <br /> MIN: 7,230,769 <br /> MAX: 7,230,769 |
| ntruhrss701 (100 executions) | m4 | AVG: 145,962,064 <br /> MIN: 145,962,064 <br /> MAX: 145,962,064 | AVG: 403,677 <br /> MIN: 403,677 <br /> MAX: 403,677 | AVG: 819,323 <br /> MIN: 819,323 <br /> MAX: 819,323 |
| ntruhrss701 (100 executions) | ref | AVG: 189,381,286 <br /> MIN: 189,381,286 <br /> MAX: 189,381,286 | AVG: 4,655,513 <br /> MIN: 4,655,513 <br /> MAX: 4,655,513 | AVG: 13,571,758 <br /> MIN: 13,571,758 <br /> MAX: 13,571,758 |
| saber (100 executions) | m4 | AVG: 894,655 <br /> MIN: 894,655 <br /> MAX: 894,655 | AVG: 1,161,220 <br /> MIN: 1,161,220 <br /> MAX: 1,161,220 | AVG: 1,204,173 <br /> MIN: 1,204,173 <br /> MAX: 1,204,173 |
Expand All @@ -27,15 +28,15 @@
| qTesla-I (100 executions) | ref | AVG: 16,181,905 <br /> MIN: 7,759,886 <br /> MAX: 55,665,081 | AVG: 6,528,971 <br /> MIN: 1,408,282 <br /> MAX: 38,101,487 | AVG: 1,038,204 <br /> MIN: 1,031,357 <br /> MAX: 1,066,061 |
| qTesla-III-size (100 executions) | ref | AVG: 52,911,984 <br /> MIN: 22,057,621 <br /> MAX: 147,552,103 | AVG: 25,535,653 <br /> MIN: 3,263,517 <br /> MAX: 85,027,845 | AVG: 2,268,587 <br /> MIN: 2,263,927 <br /> MAX: 2,296,947 |
| qTesla-III-speed (100 executions) | ref | AVG: 34,440,396 <br /> MIN: 19,783,861 <br /> MAX: 112,913,102 | AVG: 10,958,955 <br /> MIN: 3,242,541 <br /> MAX: 39,136,486 | AVG: 2,197,445 <br /> MIN: 2,187,892 <br /> MAX: 2,228,424 |
| sphincs-shake256-128s (2 executions) | ref | AVG: 4,036,930,116 <br /> MIN: 4,036,930,116 <br /> MAX: 4,036,930,116 | AVG: 56,077,640,588 <br /> MIN: 56,077,424,990 <br /> MAX: 56,077,856,186 | AVG: 67,353,629 <br /> MIN: 67,137,935 <br /> MAX: 67,569,323 |
| sphincs-shake256-128f-simple (1 executions) | clean | AVG: 65,678,196 <br /> MIN: 65,678,196 <br /> MAX: 65,678,196 | AVG: 2,070,781,593 <br /> MIN: 2,070,781,593 <br /> MAX: 2,070,781,593 | AVG: 83,111,329 <br /> MIN: 83,111,329 <br /> MAX: 83,111,329 |

# Memory Evaluation
## Key Encapsulation Schemes
| Scheme | Implementation | Key Generation [bytes] | Encapsulation [bytes] | Decapsulation [bytes] |
| ------ | -------------- | ---------------------- | --------------------- | --------------------- |
| frodo640-aes | m4 | 31,240 | 51,568 | 61,944 |
| frodo640-cshake | m4 | 26,304 | 41,504 | 51,880 |
| frodo640-cshake | opt | 36,560 | 58,272 | 68,640 |
| frodokem640aes | m4 | 31,240 | 51,568 | 61,944 |
| frodokem640cshake | m4 | 26,304 | 41,504 | 51,880 |
| frodokem640cshake | opt | 36,560 | 58,272 | 68,640 |
| kyber1024 | m4 | 15,664 | 19,352 | 20,864 |
| kyber1024 | ref | 15,664 | 19,352 | 20,864 |
| kyber512 | m4 | 6,456 | 9,120 | 9,928 |
Expand All @@ -44,6 +45,7 @@
| kyber768 | ref | 10,544 | 13,720 | 14,880 |
| newhope1024cca | m4 | 11,152 | 17,448 | 19,680 |
| newhope1024cca | ref | 11,152 | 17,448 | 19,680 |
| ntruhps2048509 | clean | 11,768 | 6,920 | 5,184 |
| ntruhrss701 | m4 | 23,396 | 19,492 | 22,140 |
| ntruhrss701 | ref | 10,032 | 8,956 | 10,204 |
| saber | m4 | 13,248 | 15,528 | 16,624 |
Expand All @@ -58,15 +60,15 @@
| qTesla-I | ref | 22,512 | 29,336 | 23,128 |
| qTesla-III-size | ref | 44,016 | 58,152 | 45,732 |
| qTesla-III-speed | ref | 44,024 | 58,144 | 45,712 |
| sphincs-shake256-128s | ref | 2,936 | 3,064 | 10,800 |
| sphincs-shake256-128f-simple | clean | 2,200 | 2,304 | 2,664 |

# Hashing Evaluation
## Key Encapsulation Schemes
| Scheme | Implementation | Key Generation [%] | Encapsulation [%] | Decapsulation [%] |
| ------ | -------------- | ------------------ | ----------------- | ----------------- |
| frodo640-aes | m4 | 96.4% | 95.3% | 95.2% |
| frodo640-cshake | m4 | 90.4% | 88.9% | 88.7% |
| frodo640-cshake | opt | 79.8% | 71.6% | 71.3% |
| frodokem640aes | m4 | 96.4% | 95.3% | 95.2% |
| frodokem640cshake | m4 | 90.4% | 88.9% | 88.7% |
| frodokem640cshake | opt | 79.8% | 71.6% | 71.3% |
| kyber1024 | m4 | 69.3% | 67.5% | 58.7% |
| kyber1024 | ref | 61.3% | 57.1% | 47.0% |
| kyber512 | m4 | 68.3% | 66.2% | 54.4% |
Expand All @@ -75,6 +77,7 @@
| kyber768 | ref | 59.6% | 55.2% | 43.6% |
| newhope1024cca | m4 | 71.2% | 70.3% | 59.5% |
| newhope1024cca | ref | 59.3% | 58.9% | 47.4% |
| ntruhps2048509 | clean | 0.0% | 0.9% | 1.4% |
| ntruhrss701 | m4 | 0.1% | 26.5% | 8.2% |
| ntruhrss701 | ref | 0.0% | 2.3% | 0.5% |
| saber | m4 | 53.1% | 52.9% | 41.5% |
Expand All @@ -89,4 +92,4 @@
| qTesla-I | ref | 63.5% | 27.8% | 32.4% |
| qTesla-III-size | ref | 66.2% | 23.0% | 27.5% |
| qTesla-III-speed | ref | 73.3% | 24.1% | 28.3% |
| sphincs-shake256-128s | ref | 97.3% | 97.0% | 97.2% |
| sphincs-shake256-128f-simple | clean | 96.4% | 96.2% | 99.1% |