From 38fa2ef4767c4308a25f5fe8300ebc758d398ee5 Mon Sep 17 00:00:00 2001
From: Paul Duncan
Date: Wed, 15 May 2024 05:05:41 -0400
Subject: add content/posts/2024-05-15-c11-fips203ipd-v0.6.md

---
 content/posts/2024-05-15-c11-fips203ipd-v0.6.md | 246 ++++++++++++++++++++++++
 1 file changed, 246 insertions(+)
 create mode 100644 content/posts/2024-05-15-c11-fips203ipd-v0.6.md

diff --git a/content/posts/2024-05-15-c11-fips203ipd-v0.6.md b/content/posts/2024-05-15-c11-fips203ipd-v0.6.md
new file mode 100644
index 0000000..ad9eee0
--- /dev/null
+++ b/content/posts/2024-05-15-c11-fips203ipd-v0.6.md
@@ -0,0 +1,246 @@
+---
+slug: c11-fips203ipd-v0.6
+title: "C11 FIPS 203 IPD v0.6"
+date: "2024-05-15T04:16:06-04:00"
+tables:
+ bench-x1:
+ # table columns (required)
+ cols:
+ - id: "set"
+ name: "Set"
+ tip: "Parameter set."
+ - id: "function"
+ name: "Function"
+ tip: "Function."
+ - id: "cycles"
+ name: "Cycles (median, 5k trials)"
+ tip: "Median number of cycles from 5k trials."
+ align: "right"
+
+ # table rows (required)
+ rows:
+ - set: "kem512"
+ function: "keygen"
+ cycles: "17633"
+ - set: "kem512"
+ function: "encaps"
+ cycles: "21602"
+ - set: "kem512"
+ function: "decaps"
+ cycles: "25733"
+ - set: "kem768"
+ function: "keygen"
+ cycles: "29384"
+ - set: "kem768"
+ function: "encaps"
+ cycles: "32511"
+ - set: "kem768"
+ function: "decaps"
+ cycles: "38176"
+ - set: "kem1024"
+ function: "keygen"
+ cycles: "39829"
+ - set: "kem1024"
+ function: "encaps"
+ cycles: "45250"
+ - set: "kem1024"
+ function: "decaps"
+ cycles: "52425"
+
+ bench-pi5:
+ # table columns (required)
+ cols:
+ - id: "set"
+ name: "Set"
+ tip: "Parameter set."
+ - id: "function"
+ name: "Function"
+ tip: "Function."
+ - id: "cycles"
+ name: "Cycles (median, 5k trials)"
+ tip: "Median number of cycles from 5k trials."
+ align: "right"
+
+ # table rows (required)
+ rows:
+ - set: "kem512"
+ function: "keygen"
+ cycles: "53711"
+ - set: "kem512"
+ function: "encaps"
+ cycles: "61366"
+ - set: "kem512"
+ function: "decaps"
+ cycles: "73559"
+ - set: "kem768"
+ function: "keygen"
+ cycles: "92560"
+ - set: "kem768"
+ function: "encaps"
+ cycles: "104842"
+ - set: "kem768"
+ function: "decaps"
+ cycles: "121485"
+ - set: "kem1024"
+ function: "keygen"
+ cycles: "140219"
+ - set: "kem1024"
+ function: "encaps"
+ cycles: "154949"
+ - set: "kem1024"
+ function: "decaps"
+ cycles: "176131"
+
+ bench-n2l:
+ # table columns (required)
+ cols:
+ - id: "set"
+ name: "Set"
+ tip: "Parameter set."
+ - id: "function"
+ name: "Function"
+ tip: "Function."
+ - id: "cycles"
+ name: "Cycles (median, 5k trials)"
+ tip: "Median number of cycles from 5k trials."
+ align: "right"
+
+ # table rows (required)
+ rows:
+ - set: "kem512"
+ function: "keygen"
+ cycles: "96450"
+ - set: "kem512"
+ function: "encaps"
+ cycles: "107550"
+ - set: "kem512"
+ function: "decaps"
+ cycles: "126375"
+ - set: "kem768"
+ function: "keygen"
+ cycles: "168450"
+ - set: "kem768"
+ function: "encaps"
+ cycles: "186975"
+ - set: "kem768"
+ function: "decaps"
+ cycles: "212925"
+ - set: "kem1024"
+ function: "keygen"
+ cycles: "260325"
+ - set: "kem1024"
+ function: "encaps"
+ cycles: "281175"
+ - set: "kem1024"
+ function: "decaps"
+ cycles: "314250"
+
+---
+
+I just released v0.6 of [fips203ipd][fips203ipd-git].
+
+[fips203ipd][fips203ipd-git] is an embeddable, dependency-free,
+[MIT-0][] licensed, [C11][] implementation of the [FIPS 203 initial
+public draft (IPD)][fips203ipd] with scalar, [AVX-512][], and [Neon][]
+backends. The final version of [FIPS 203][fips203ipd] will become
+ML-KEM, [NIST's][nist] standarized post-quantum [key encapsulation
+mechanism (KEM)][kem].
+
+[Git Repository][fips203ipd-git], [API Documentation][fips203ipd-api-docs],
+[Original Announcement][fips203ipd-announce], [pqc-forum Announcement][pqc-forum-announce]
+
+### Changes in v0.6
+
+- Add [Neon][] backend
+- Add MacOS support to test suite (thanks [Rod][]!)
+- Add backend auto-detection, `BACKEND` command-line build parameter,
+ and `fips203ipd_backend()` function
+- Add [Raspberry Pi 5 (Cortex-A76)][pi5] benchmarks
+- Add "Backends" documentation section with brief notes about each backend
+
+### Benchmarks
+
+Here are median cycle count as measured by the included `bench` tool for
+each parameter set and function from several of my systems.
+
+For context, the results below are competitive with the [eBATS][]
+results ([kyber512][], [kyber768][], [kyber1024][]), although the
+comparison is inexact because the results were measured with different
+tools and because [Kyber][] and ML-KEM differ slightly.
+
+#### Lenovo ThinkPad X1 Carbon, 6th Gen (x86-64 i7-1185G7, AVX-512 backend)
+
+{{< table "bench-x1" >}}
+
+#### Raspberry Pi 5 (ARM Cortex-A76, Neon backend)
+
+{{< table "bench-pi5" >}}
+
+#### Odroid N2L (ARM Cortex-A73, Neon backend)
+
+{{< table "bench-n2l" >}}
+
+[fips203ipd-git]: https://github.com/pablotron/fips203ipd
+ "Embedable, dependency-free, MIT-0 licensed, C11 implemention of the FIPS 203 initial public draft (IPD)."
+[fips203ipd-api-docs]: https://pmdn.org/api-docs/fips203ipd/
+ "Online API documentation"
+[fips203ipd-announce]: {{< relref "posts/2023-10-07-c11-fips203ipd.md" >}}
+ "Original release announcement."
+[mit-0]: https://opensource.org/license/mit-0/
+ "MIT No Attribution License"
+[C11]: https://en.wikipedia.org/wiki/C11_(C_standard_revision)
+ "ISO/IEC 9899:2011"
+[FIPS 202]: https://csrc.nist.gov/pubs/fips/202/final
+ "SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions"
+[800-185]: https://csrc.nist.gov/pubs/sp/800/185/final
+ "SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash"
+[cavp]: https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Secure-Hashing
+ "NIST Cryptographic Algorithm Validation Program (CAVP)"
+[turboshake]: https://eprint.iacr.org/2023/342.pdf
+ "TurboSHAKE"
+[turboshake-ietf]: https://www.ietf.org/archive/id/draft-irtf-cfrg-kangarootwelve-10.html
+ "KangarooTwelve and TurboSHAKE"
+[turboshake-ietf-test-vectors]: https://www.ietf.org/archive/id/draft-irtf-cfrg-kangarootwelve-10.html#name-test-vectors
+ "KangarooTwelve and TurboSHAKE test vectors"
+[csrc-examples]: https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values
+ "NIST CSRC: Cryptographic Standards and Guidelines: Examples with Intermediate Values"
+[cavp]: https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Secure-Hashing
+ "NIST Cryptographic Algorithm Validation Program (CAVP)"
+[fips203ipd]: https://csrc.nist.gov/pubs/fips/203/ipd
+ "FIPS 203 (Initial Public Draft): Module-Lattice-Based Key-Encapsulation Mechanism Standard"
+[kem]: https://en.wikipedia.org/wiki/Key_encapsulation_mechanism
+ "Key encapsulation mechanism."
+[nist]: https://nist.gov/
+ "National Institute of Standards and Technology"
+[avx512]: https://en.wikipedia.org/wiki/AVX-512
+ "Advanced Vector Extensions (AVX) SIMD instructions."
+[barrett reduction]: https://en.wikipedia.org/wiki/Barrett_reduction
+ "Barrett modular reduction"
+[nist-tests]: https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/example-files
+ "NIST: Intermediate Values for draft ML-KEM and draft ML-DSA"
+[avx-512]: https://en.wikipedia.org/wiki/AVX-512
+ "AVX-512: 512-bit extensions to the Advanced Vector Extensions (AVX) instruction set."
+[intrinsics]: https://en.wikipedia.org/wiki/Intrinsic_function
+ "Built-in compiler functions"
+[libcpucycles]: https://cpucycles.cr.yp.to/
+ "CPU cycle counting library."
+[csv]: https://en.wikipedia.org/wiki/Comma-separated_values
+ "Comma-separated values (CSV)"
+[neon]: https://en.wikipedia.org/wiki/ARM_architecture_family#Advanced_SIMD_(Neon)
+ "Advanced SIMD extension for ARM CPUs"
+[pi5]: https://en.wikipedia.org/wiki/Raspberry_Pi
+ "Raspberry Pi"
+[rod chapman]: https://github.com/rod-chapman
+ "Rod Chapman"
+[pqc-forum-announce]: https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/mxWWySY9rB4
+ "fips203ipd v0.5 release announcement on the pqc-forum mailing list"
+[ebats]: http://bench.cr.yp.to/ebats.html
+ "eBATS: ECRYPT Benchmarking of Asymmetric Systems"
+[kyber512]: http://bench.cr.yp.to/impl-kem/kyber512.html
+ "eBATS: kyber512"
+[kyber768]: http://bench.cr.yp.to/impl-kem/kyber768.html
+ "eBATS: kyber768"
+[kyber1024]: http://bench.cr.yp.to/impl-kem/kyber1024.html
+ "eBATS: kyber1024"
+[kyber]: https://pq-crystals.org/kyber/
+ "Kyber"
-- 
cgit v1.2.3