1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
|
---
slug: c11-fips203ipd-v0.6
title: "C11 FIPS 203 IPD v0.6"
date: "2024-05-15T04:16:06-04:00"
tables:
bench-x1:
# table columns (required)
cols:
- id: "set"
name: "Set"
tip: "Parameter set."
- id: "function"
name: "Function"
tip: "Function."
- id: "cycles"
name: "Cycles (median, 5k trials)"
tip: "Median number of cycles from 5k trials."
align: "right"
# table rows (required)
rows:
- set: "kem512"
function: "keygen"
cycles: "17633"
- set: "kem512"
function: "encaps"
cycles: "21602"
- set: "kem512"
function: "decaps"
cycles: "25733"
- set: "kem768"
function: "keygen"
cycles: "29384"
- set: "kem768"
function: "encaps"
cycles: "32511"
- set: "kem768"
function: "decaps"
cycles: "38176"
- set: "kem1024"
function: "keygen"
cycles: "39829"
- set: "kem1024"
function: "encaps"
cycles: "45250"
- set: "kem1024"
function: "decaps"
cycles: "52425"
bench-pi5:
# table columns (required)
cols:
- id: "set"
name: "Set"
tip: "Parameter set."
- id: "function"
name: "Function"
tip: "Function."
- id: "cycles"
name: "Cycles (median, 5k trials)"
tip: "Median number of cycles from 5k trials."
align: "right"
# table rows (required)
rows:
- set: "kem512"
function: "keygen"
cycles: "53711"
- set: "kem512"
function: "encaps"
cycles: "61366"
- set: "kem512"
function: "decaps"
cycles: "73559"
- set: "kem768"
function: "keygen"
cycles: "92560"
- set: "kem768"
function: "encaps"
cycles: "104842"
- set: "kem768"
function: "decaps"
cycles: "121485"
- set: "kem1024"
function: "keygen"
cycles: "140219"
- set: "kem1024"
function: "encaps"
cycles: "154949"
- set: "kem1024"
function: "decaps"
cycles: "176131"
bench-n2l:
# table columns (required)
cols:
- id: "set"
name: "Set"
tip: "Parameter set."
- id: "function"
name: "Function"
tip: "Function."
- id: "cycles"
name: "Cycles (median, 5k trials)"
tip: "Median number of cycles from 5k trials."
align: "right"
# table rows (required)
rows:
- set: "kem512"
function: "keygen"
cycles: "96450"
- set: "kem512"
function: "encaps"
cycles: "107550"
- set: "kem512"
function: "decaps"
cycles: "126375"
- set: "kem768"
function: "keygen"
cycles: "168450"
- set: "kem768"
function: "encaps"
cycles: "186975"
- set: "kem768"
function: "decaps"
cycles: "212925"
- set: "kem1024"
function: "keygen"
cycles: "260325"
- set: "kem1024"
function: "encaps"
cycles: "281175"
- set: "kem1024"
function: "decaps"
cycles: "314250"
---
I just released v0.6 of [fips203ipd][fips203ipd-git].
[fips203ipd][fips203ipd-git] is an embeddable, dependency-free,
[MIT-0][] licensed, [C11][] implementation of the [FIPS 203 initial
public draft (IPD)][fips203ipd] with scalar, [AVX-512][], and [Neon][]
backends. The final version of [FIPS 203][fips203ipd] will become
ML-KEM, [NIST's][nist] standarized post-quantum [key encapsulation
mechanism (KEM)][kem].
[Git Repository][fips203ipd-git], [API Documentation][fips203ipd-api-docs],
[Original Announcement][fips203ipd-announce], [pqc-forum Announcement][pqc-forum-announce]
### Changes in v0.6
- Add [Neon][] backend
- Add MacOS support to test suite (thanks [Rod][]!)
- Add backend auto-detection, `BACKEND` command-line build parameter,
and `fips203ipd_backend()` function
- Add [Raspberry Pi 5 (Cortex-A76)][pi5] benchmarks
- Add "Backends" documentation section with brief notes about each backend
### Benchmarks
Here are median cycle count as measured by the included `bench` tool for
each parameter set and function from several of my systems.
For context, the results below are competitive with the [eBATS][]
results ([kyber512][], [kyber768][], [kyber1024][]), although the
comparison is inexact because the results were measured with different
tools and because [Kyber][] and ML-KEM differ slightly.
#### Lenovo ThinkPad X1 Carbon, 6th Gen (x86-64 i7-1185G7, AVX-512 backend)
{{< table "bench-x1" >}}
#### Raspberry Pi 5 (ARM Cortex-A76, Neon backend)
{{< table "bench-pi5" >}}
#### Odroid N2L (ARM Cortex-A73, Neon backend)
{{< table "bench-n2l" >}}
[fips203ipd-git]: https://github.com/pablotron/fips203ipd
"Embedable, dependency-free, MIT-0 licensed, C11 implemention of the FIPS 203 initial public draft (IPD)."
[fips203ipd-api-docs]: https://pmdn.org/api-docs/fips203ipd/
"Online API documentation"
[fips203ipd-announce]: {{< relref "posts/2023-10-07-c11-fips203ipd.md" >}}
"Original release announcement."
[mit-0]: https://opensource.org/license/mit-0/
"MIT No Attribution License"
[C11]: https://en.wikipedia.org/wiki/C11_(C_standard_revision)
"ISO/IEC 9899:2011"
[FIPS 202]: https://csrc.nist.gov/pubs/fips/202/final
"SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions"
[800-185]: https://csrc.nist.gov/pubs/sp/800/185/final
"SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash"
[cavp]: https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Secure-Hashing
"NIST Cryptographic Algorithm Validation Program (CAVP)"
[turboshake]: https://eprint.iacr.org/2023/342.pdf
"TurboSHAKE"
[turboshake-ietf]: https://www.ietf.org/archive/id/draft-irtf-cfrg-kangarootwelve-10.html
"KangarooTwelve and TurboSHAKE"
[turboshake-ietf-test-vectors]: https://www.ietf.org/archive/id/draft-irtf-cfrg-kangarootwelve-10.html#name-test-vectors
"KangarooTwelve and TurboSHAKE test vectors"
[csrc-examples]: https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values
"NIST CSRC: Cryptographic Standards and Guidelines: Examples with Intermediate Values"
[cavp]: https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Secure-Hashing
"NIST Cryptographic Algorithm Validation Program (CAVP)"
[fips203ipd]: https://csrc.nist.gov/pubs/fips/203/ipd
"FIPS 203 (Initial Public Draft): Module-Lattice-Based Key-Encapsulation Mechanism Standard"
[kem]: https://en.wikipedia.org/wiki/Key_encapsulation_mechanism
"Key encapsulation mechanism."
[nist]: https://nist.gov/
"National Institute of Standards and Technology"
[avx512]: https://en.wikipedia.org/wiki/AVX-512
"Advanced Vector Extensions (AVX) SIMD instructions."
[barrett reduction]: https://en.wikipedia.org/wiki/Barrett_reduction
"Barrett modular reduction"
[nist-tests]: https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/example-files
"NIST: Intermediate Values for draft ML-KEM and draft ML-DSA"
[avx-512]: https://en.wikipedia.org/wiki/AVX-512
"AVX-512: 512-bit extensions to the Advanced Vector Extensions (AVX) instruction set."
[intrinsics]: https://en.wikipedia.org/wiki/Intrinsic_function
"Built-in compiler functions"
[libcpucycles]: https://cpucycles.cr.yp.to/
"CPU cycle counting library."
[csv]: https://en.wikipedia.org/wiki/Comma-separated_values
"Comma-separated values (CSV)"
[neon]: https://en.wikipedia.org/wiki/ARM_architecture_family#Advanced_SIMD_(Neon)
"Advanced SIMD extension for ARM CPUs"
[pi5]: https://en.wikipedia.org/wiki/Raspberry_Pi
"Raspberry Pi"
[rod chapman]: https://github.com/rod-chapman
"Rod Chapman"
[pqc-forum-announce]: https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/mxWWySY9rB4
"fips203ipd v0.5 release announcement on the pqc-forum mailing list"
[ebats]: http://bench.cr.yp.to/ebats.html
"eBATS: ECRYPT Benchmarking of Asymmetric Systems"
[kyber512]: http://bench.cr.yp.to/impl-kem/kyber512.html
"eBATS: kyber512"
[kyber768]: http://bench.cr.yp.to/impl-kem/kyber768.html
"eBATS: kyber768"
[kyber1024]: http://bench.cr.yp.to/impl-kem/kyber1024.html
"eBATS: kyber1024"
[kyber]: https://pq-crystals.org/kyber/
"Kyber"
|