author: Paul Duncan <pabs@pablotron.org> 2024-05-15 05:05:41 -0400
committer: Paul Duncan <pabs@pablotron.org> 2024-05-15 05:05:41 -0400
commit: 38fa2ef4767c4308a25f5fe8300ebc758d398ee5
tree: 3be4589de12bf34a4fe7868ee54e635f50861983 /content/posts/2024-05-15-c11-fips203ipd-v0.6.md
parent: 6c5fdd69e08d4725fa47c8eafb4bc7845bc1ecc3
add content/posts/2024-05-15-c11-fips203ipd-v0.6.md
Diffstat (limited to 'content/posts/2024-05-15-c11-fips203ipd-v0.6.md')
-rw-r--r-- content/posts/2024-05-15-c11-fips203ipd-v0.6.md | 246
1 files changed, 246 insertions, 0 deletions
diff --git a/content/posts/2024-05-15-c11-fips203ipd-v0.6.md b/content/posts/2024-05-15-c11-fips203ipd-v0.6.md
new file mode 100644
index 0000000..ad9eee0
--- /dev/null
+++ b/content/posts/2024-05-15-c11-fips203ipd-v0.6.md
@@ -0,0 +1,246 @@
+---
+slug: c11-fips203ipd-v0.6
+title: "C11 FIPS 203 IPD v0.6"
+date: "2024-05-15T04:16:06-04:00"
+tables:
+ bench-x1:
+ # table columns (required)
+ cols:
+ - id: "set"
+ name: "Set"
+ tip: "Parameter set."
+ - id: "function"
+ name: "Function"
+ tip: "Function."
+ - id: "cycles"
+ name: "Cycles (median, 5k trials)"
+ tip: "Median number of cycles from 5k trials."
+ align: "right"
+
+ # table rows (required)
+ rows:
+ - set: "kem512"
+ function: "keygen"
+ cycles: "17633"
+ - set: "kem512"
+ function: "encaps"
+ cycles: "21602"
+ - set: "kem512"
+ function: "decaps"
+ cycles: "25733"
+ - set: "kem768"
+ function: "keygen"
+ cycles: "29384"
+ - set: "kem768"
+ function: "encaps"
+ cycles: "32511"
+ - set: "kem768"
+ function: "decaps"
+ cycles: "38176"
+ - set: "kem1024"
+ function: "keygen"
+ cycles: "39829"
+ - set: "kem1024"
+ function: "encaps"
+ cycles: "45250"
+ - set: "kem1024"
+ function: "decaps"
+ cycles: "52425"
+
+ bench-pi5:
+ # table columns (required)
+ cols:
+ - id: "set"
+ name: "Set"
+ tip: "Parameter set."
+ - id: "function"
+ name: "Function"
+ tip: "Function."
+ - id: "cycles"
+ name: "Cycles (median, 5k trials)"
+ tip: "Median number of cycles from 5k trials."
+ align: "right"
+
+ # table rows (required)
+ rows:
+ - set: "kem512"
+ function: "keygen"
+ cycles: "53711"
+ - set: "kem512"
+ function: "encaps"
+ cycles: "61366"
+ - set: "kem512"
+ function: "decaps"
+ cycles: "73559"
+ - set: "kem768"
+ function: "keygen"
+ cycles: "92560"
+ - set: "kem768"
+ function: "encaps"
+ cycles: "104842"
+ - set: "kem768"
+ function: "decaps"
+ cycles: "121485"
+ - set: "kem1024"
+ function: "keygen"
+ cycles: "140219"
+ - set: "kem1024"
+ function: "encaps"
+ cycles: "154949"
+ - set: "kem1024"
+ function: "decaps"
+ cycles: "176131"
+
+ bench-n2l:
+ # table columns (required)
+ cols:
+ - id: "set"
+ name: "Set"
+ tip: "Parameter set."
+ - id: "function"
+ name: "Function"
+ tip: "Function."
+ - id: "cycles"
+ name: "Cycles (median, 5k trials)"
+ tip: "Median number of cycles from 5k trials."
+ align: "right"
+
+ # table rows (required)
+ rows:
+ - set: "kem512"
+ function: "keygen"
+ cycles: "96450"
+ - set: "kem512"
+ function: "encaps"
+ cycles: "107550"
+ - set: "kem512"
+ function: "decaps"
+ cycles: "126375"
+ - set: "kem768"
+ function: "keygen"
+ cycles: "168450"
+ - set: "kem768"
+ function: "encaps"
+ cycles: "186975"
+ - set: "kem768"
+ function: "decaps"
+ cycles: "212925"
+ - set: "kem1024"
+ function: "keygen"
+ cycles: "260325"
+ - set: "kem1024"
+ function: "encaps"
+ cycles: "281175"
+ - set: "kem1024"
+ function: "decaps"
+ cycles: "314250"
+
+---
+
+I just released v0.6 of [fips203ipd][fips203ipd-git].
+
+[fips203ipd][fips203ipd-git] is an embeddable, dependency-free,
+[MIT-0][] licensed, [C11][] implementation of the [FIPS 203 initial
+public draft (IPD)][fips203ipd] with scalar, [AVX-512][], and [Neon][]
+backends. The final version of [FIPS 203][fips203ipd] will become
+ML-KEM, [NIST's][nist] standarized post-quantum [key encapsulation
+mechanism (KEM)][kem].
+
+[Git Repository][fips203ipd-git], [API Documentation][fips203ipd-api-docs],
+[Original Announcement][fips203ipd-announce], [pqc-forum Announcement][pqc-forum-announce]
+
+### Changes in v0.6
+
+- Add [Neon][] backend
+- Add MacOS support to test suite (thanks [Rod][]!)
+- Add backend auto-detection, `BACKEND` command-line build parameter,
+ and `fips203ipd_backend()` function
+- Add [Raspberry Pi 5 (Cortex-A76)][pi5] benchmarks
+- Add "Backends" documentation section with brief notes about each backend
+
+### Benchmarks
+
+Here are median cycle count as measured by the included `bench` tool for
+each parameter set and function from several of my systems.
+
+For context, the results below are competitive with the [eBATS][]
+results ([kyber512][], [kyber768][], [kyber1024][]), although the
+comparison is inexact because the results were measured with different
+tools and because [Kyber][] and ML-KEM differ slightly.
+
+#### Lenovo ThinkPad X1 Carbon, 6th Gen (x86-64 i7-1185G7, AVX-512 backend)
+
+{{< table "bench-x1" >}}
+
+#### Raspberry Pi 5 (ARM Cortex-A76, Neon backend)
+
+{{< table "bench-pi5" >}}
+
+#### Odroid N2L (ARM Cortex-A73, Neon backend)
+
+{{< table "bench-n2l" >}}
+
+[fips203ipd-git]: https://github.com/pablotron/fips203ipd
+ "Embedable, dependency-free, MIT-0 licensed, C11 implemention of the FIPS 203 initial public draft (IPD)."
+[fips203ipd-api-docs]: https://pmdn.org/api-docs/fips203ipd/
+ "Online API documentation"
+[fips203ipd-announce]: {{< relref "posts/2023-10-07-c11-fips203ipd.md" >}}
+ "Original release announcement."
+[mit-0]: https://opensource.org/license/mit-0/
+ "MIT No Attribution License"
+[C11]: https://en.wikipedia.org/wiki/C11_(C_standard_revision)
+ "ISO/IEC 9899:2011"
+[FIPS 202]: https://csrc.nist.gov/pubs/fips/202/final
+ "SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions"
+[800-185]: https://csrc.nist.gov/pubs/sp/800/185/final
+ "SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash"
+[cavp]: https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Secure-Hashing
+ "NIST Cryptographic Algorithm Validation Program (CAVP)"
+[turboshake]: https://eprint.iacr.org/2023/342.pdf
+ "TurboSHAKE"
+[turboshake-ietf]: https://www.ietf.org/archive/id/draft-irtf-cfrg-kangarootwelve-10.html
+ "KangarooTwelve and TurboSHAKE"
+[turboshake-ietf-test-vectors]: https://www.ietf.org/archive/id/draft-irtf-cfrg-kangarootwelve-10.html#name-test-vectors
+ "KangarooTwelve and TurboSHAKE test vectors"
+[csrc-examples]: https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values
+ "NIST CSRC: Cryptographic Standards and Guidelines: Examples with Intermediate Values"
+[cavp]: https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Secure-Hashing
+ "NIST Cryptographic Algorithm Validation Program (CAVP)"
+[fips203ipd]: https://csrc.nist.gov/pubs/fips/203/ipd
+ "FIPS 203 (Initial Public Draft): Module-Lattice-Based Key-Encapsulation Mechanism Standard"
+[kem]: https://en.wikipedia.org/wiki/Key_encapsulation_mechanism
+ "Key encapsulation mechanism."
+[nist]: https://nist.gov/
+ "National Institute of Standards and Technology"
+[avx512]: https://en.wikipedia.org/wiki/AVX-512
+ "Advanced Vector Extensions (AVX) SIMD instructions."
+[barrett reduction]: https://en.wikipedia.org/wiki/Barrett_reduction
+ "Barrett modular reduction"
+[nist-tests]: https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/example-files
+ "NIST: Intermediate Values for draft ML-KEM and draft ML-DSA"
+[avx-512]: https://en.wikipedia.org/wiki/AVX-512
+ "AVX-512: 512-bit extensions to the Advanced Vector Extensions (AVX) instruction set."
+[intrinsics]: https://en.wikipedia.org/wiki/Intrinsic_function
+ "Built-in compiler functions"
+[libcpucycles]: https://cpucycles.cr.yp.to/
+ "CPU cycle counting library."
+[csv]: https://en.wikipedia.org/wiki/Comma-separated_values
+ "Comma-separated values (CSV)"
+[neon]: https://en.wikipedia.org/wiki/ARM_architecture_family#Advanced_SIMD_(Neon)
+ "Advanced SIMD extension for ARM CPUs"
+[pi5]: https://en.wikipedia.org/wiki/Raspberry_Pi
+ "Raspberry Pi"
+[rod chapman]: https://github.com/rod-chapman
+ "Rod Chapman"
+[pqc-forum-announce]: https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/mxWWySY9rB4
+ "fips203ipd v0.5 release announcement on the pqc-forum mailing list"
+[ebats]: http://bench.cr.yp.to/ebats.html
+ "eBATS: ECRYPT Benchmarking of Asymmetric Systems"
+[kyber512]: http://bench.cr.yp.to/impl-kem/kyber512.html
+ "eBATS: kyber512"
+[kyber768]: http://bench.cr.yp.to/impl-kem/kyber768.html
+ "eBATS: kyber768"
+[kyber1024]: http://bench.cr.yp.to/impl-kem/kyber1024.html
+ "eBATS: kyber1024"
+[kyber]: https://pq-crystals.org/kyber/
+ "Kyber"