---
slug: c11-fips203ipd-v0.6
title: "C11 FIPS 203 IPD v0.6"
date: "2024-05-15T04:16:06-04:00"

tables:
  bench-x1:
    # table columns (required)
    cols:
      - id: "set"
        name: "Set"
        tip: "Parameter set."
      - id: "function"
        name: "Function"
        tip: "Function."
      - id: "cycles"
        name: "Cycles (median, 5k trials)"
        tip: "Median number of cycles from 5k trials."
        align: "right"

    # table rows (required)
    rows:
      - set: "kem512"
        function: "keygen"
        cycles: "17633"
      - set: "kem512"
        function: "encaps"
        cycles: "21602"
      - set: "kem512"
        function: "decaps"
        cycles: "25733"
      - set: "kem768"
        function: "keygen"
        cycles: "29384"
      - set: "kem768"
        function: "encaps"
        cycles: "32511"
      - set: "kem768"
        function: "decaps"
        cycles: "38176"
      - set: "kem1024"
        function: "keygen"
        cycles: "39829"
      - set: "kem1024"
        function: "encaps"
        cycles: "45250"
      - set: "kem1024"
        function: "decaps"
        cycles: "52425"

  bench-pi5:
    # table columns (required)
    cols:
      - id: "set"
        name: "Set"
        tip: "Parameter set."
      - id: "function"
        name: "Function"
        tip: "Function."
      - id: "cycles"
        name: "Cycles (median, 5k trials)"
        tip: "Median number of cycles from 5k trials."
        align: "right"

    # table rows (required)
    rows:
      - set: "kem512"
        function: "keygen"
        cycles: "53711"
      - set: "kem512"
        function: "encaps"
        cycles: "61366"
      - set: "kem512"
        function: "decaps"
        cycles: "73559"
      - set: "kem768"
        function: "keygen"
        cycles: "92560"
      - set: "kem768"
        function: "encaps"
        cycles: "104842"
      - set: "kem768"
        function: "decaps"
        cycles: "121485"
      - set: "kem1024"
        function: "keygen"
        cycles: "140219"
      - set: "kem1024"
        function: "encaps"
        cycles: "154949"
      - set: "kem1024"
        function: "decaps"
        cycles: "176131"

  bench-n2l:
    # table columns (required)
    cols:
      - id: "set"
        name: "Set"
        tip: "Parameter set."
      - id: "function"
        name: "Function"
        tip: "Function."
      - id: "cycles"
        name: "Cycles (median, 5k trials)"
        tip: "Median number of cycles from 5k trials."
        align: "right"

    # table rows (required)
    rows:
      - set: "kem512"
        function: "keygen"
        cycles: "96450"
      - set: "kem512"
        function: "encaps"
        cycles: "107550"
      - set: "kem512"
        function: "decaps"
        cycles: "126375"
      - set: "kem768"
        function: "keygen"
        cycles: "168450"
      - set: "kem768"
        function: "encaps"
        cycles: "186975"
      - set: "kem768"
        function: "decaps"
        cycles: "212925"
      - set: "kem1024"
        function: "keygen"
        cycles: "260325"
      - set: "kem1024"
        function: "encaps"
        cycles: "281175"
      - set: "kem1024"
        function: "decaps"
        cycles: "314250"
---

I just released v0.6 of [fips203ipd][fips203ipd-git].

[fips203ipd][fips203ipd-git] is an embeddable, dependency-free, [MIT-0][] licensed, [C11][] implementation of the [FIPS 203 initial public draft (IPD)][fips203ipd] with scalar, [AVX-512][], and [Neon][] backends. The final version of [FIPS 203][fips203ipd] will become ML-KEM, [NIST's][nist] standardized post-quantum [key encapsulation mechanism (KEM)][kem].

[Git Repository][fips203ipd-git], [API Documentation][fips203ipd-api-docs], [Original Announcement][fips203ipd-announce], [pqc-forum Announcement][pqc-forum-announce]

### Changes in v0.6

- Add [Neon][] backend
- Add macOS support to test suite (thanks [Rod][rod-chapman]!)
- Add backend auto-detection, `BACKEND` command-line build parameter, and `fips203ipd_backend()` function
- Add [Raspberry Pi 5 (Cortex-A76)][pi5] benchmarks
- Add "Backends" documentation section with brief notes about each backend

### Benchmarks

Here are the median cycle counts, as measured by the included `bench` tool, for each parameter set and function on several of my systems. For context, the results below are competitive with the [eBATS][] results ([kyber512][], [kyber768][], [kyber1024][]), although the comparison is inexact because the results were measured with different tools and because [Kyber][] and ML-KEM differ slightly.

#### Lenovo ThinkPad X1 Carbon, 6th Gen (x86-64 i7-1185G7, AVX-512 backend)

{{< table "bench-x1" >}}

#### Raspberry Pi 5 (ARM Cortex-A76, Neon backend)

{{< table "bench-pi5" >}}

#### Odroid N2L (ARM Cortex-A73, Neon backend)

{{< table "bench-n2l" >}}

[fips203ipd-git]: https://github.com/pablotron/fips203ipd
  "Embeddable, dependency-free, MIT-0 licensed, C11 implementation of the FIPS 203 initial public draft (IPD)."
[fips203ipd-api-docs]: https://pmdn.org/api-docs/fips203ipd/
  "Online API documentation"
[fips203ipd-announce]: {{< relref "posts/2023-10-07-c11-fips203ipd.md" >}}
  "Original release announcement."
[mit-0]: https://opensource.org/license/mit-0/
  "MIT No Attribution License"
[C11]: https://en.wikipedia.org/wiki/C11_(C_standard_revision)
  "ISO/IEC 9899:2011"
[FIPS 202]: https://csrc.nist.gov/pubs/fips/202/final
  "SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions"
[800-185]: https://csrc.nist.gov/pubs/sp/800/185/final
  "SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash"
[cavp]: https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Secure-Hashing
  "NIST Cryptographic Algorithm Validation Program (CAVP)"
[turboshake]: https://eprint.iacr.org/2023/342.pdf
  "TurboSHAKE"
[turboshake-ietf]: https://www.ietf.org/archive/id/draft-irtf-cfrg-kangarootwelve-10.html
  "KangarooTwelve and TurboSHAKE"
[turboshake-ietf-test-vectors]: https://www.ietf.org/archive/id/draft-irtf-cfrg-kangarootwelve-10.html#name-test-vectors
  "KangarooTwelve and TurboSHAKE test vectors"
[csrc-examples]: https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values
  "NIST CSRC: Cryptographic Standards and Guidelines: Examples with Intermediate Values"
[fips203ipd]: https://csrc.nist.gov/pubs/fips/203/ipd
  "FIPS 203 (Initial Public Draft): Module-Lattice-Based Key-Encapsulation Mechanism Standard"
[kem]: https://en.wikipedia.org/wiki/Key_encapsulation_mechanism
  "Key encapsulation mechanism."
[nist]: https://nist.gov/
  "National Institute of Standards and Technology"
[avx512]: https://en.wikipedia.org/wiki/AVX-512
  "Advanced Vector Extensions (AVX) SIMD instructions."
[barrett reduction]: https://en.wikipedia.org/wiki/Barrett_reduction
  "Barrett modular reduction"
[nist-tests]: https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/example-files
  "NIST: Intermediate Values for draft ML-KEM and draft ML-DSA"
[avx-512]: https://en.wikipedia.org/wiki/AVX-512
  "AVX-512: 512-bit extensions to the Advanced Vector Extensions (AVX) instruction set."
[intrinsics]: https://en.wikipedia.org/wiki/Intrinsic_function
  "Built-in compiler functions"
[libcpucycles]: https://cpucycles.cr.yp.to/
  "CPU cycle counting library."
[csv]: https://en.wikipedia.org/wiki/Comma-separated_values
  "Comma-separated values (CSV)"
[neon]: https://en.wikipedia.org/wiki/ARM_architecture_family#Advanced_SIMD_(Neon)
  "Advanced SIMD extension for ARM CPUs"
[pi5]: https://en.wikipedia.org/wiki/Raspberry_Pi
  "Raspberry Pi"
[rod-chapman]: https://github.com/rod-chapman
  "Rod Chapman"
[pqc-forum-announce]: https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/mxWWySY9rB4
  "fips203ipd v0.5 release announcement on the pqc-forum mailing list"
[ebats]: http://bench.cr.yp.to/ebats.html
  "eBATS: ECRYPT Benchmarking of Asymmetric Systems"
[kyber512]: http://bench.cr.yp.to/impl-kem/kyber512.html
  "eBATS: kyber512"
[kyber768]: http://bench.cr.yp.to/impl-kem/kyber768.html
  "eBATS: kyber768"
[kyber1024]: http://bench.cr.yp.to/impl-kem/kyber1024.html
  "eBATS: kyber1024"
[kyber]: https://pq-crystals.org/kyber/
  "Kyber"