I just released v0.6 of fips203ipd.
fips203ipd is an embeddable, dependency-free, MIT-0 licensed, C11 implementation of the FIPS 203 initial public draft (IPD) with scalar, AVX-512, and Neon backends. The final version of FIPS 203 will become ML-KEM, NIST’s standarized post-quantum key encapsulation mechanism (KEM).
Git Repository, API Documentation, Original Announcement, pqc-forum Announcement
Changes in v0.6
- Add Neon backend
- Add MacOS support to test suite (thanks Rod!)
- Add backend auto-detection,
BACKENDcommand-line build parameter, andfips203ipd_backend()function - Add Raspberry Pi 5 (Cortex-A76) benchmarks
- Add “Backends” documentation section with brief notes about each backend
Benchmarks
Here are median cycle count as measured by the included bench tool for
each parameter set, function, compiler, and backend from several of my
systems.
For context, the results below are competitive with the eBATS results (kyber512, kyber768, kyber1024), although the comparison is inexact because the results were measured with different tools and because Kyber and ML-KEM differ slightly.
Lenovo ThinkPad X1 Carbon, 6th Gen (x86-64 i7-1185G7)
Median cycles by backend, Lenovo ThinkPad X1 Carbon, 6th Gen (i7-1185G7).
| Set | Function | Scalar (GCC) | Scalar (Clang) | AVX-512 (GCC) |
|---|---|---|---|---|
| kem512 | keygen | 118733 | 70770 | 17448 |
| kem512 | encaps | 126159 | 82713 | 21474 |
| kem512 | decaps | 185426 | 97722 | 25685 |
| kem768 | keygen | 172446 | 110192 | 29334 |
| kem768 | encaps | 184614 | 132385 | 32528 |
| kem768 | decaps | 234564 | 148425 | 38184 |
| kem1024 | keygen | 268327 | 176256 | 39914 |
| kem1024 | encaps | 270793 | 206497 | 45268 |
| kem1024 | decaps | 370533 | 224686 | 52523 |
Raspberry Pi 5 (ARM Cortex-A76)
Median cycles by backend, Raspberry Pi 5 (Cortex-A76).
| Set | Function | Scalar (GCC) | Scalar (Clang) | Neon (GCC) |
|---|---|---|---|---|
| kem512 | keygen | 127403 | 77030 | 53667 |
| kem512 | encaps | 132432 | 90335 | 61321 |
| kem512 | decaps | 176620 | 107868 | 73647 |
| kem768 | keygen | 197268 | 114009 | 92471 |
| kem768 | encaps | 205189 | 140042 | 104842 |
| kem768 | decaps | 265442 | 162514 | 121529 |
| kem1024 | keygen | 292543 | 180492 | 140220 |
| kem1024 | encaps | 298150 | 212488 | 155127 |
| kem1024 | decaps | 376114 | 242303 | 176042 |
Odroid N2L (ARM Cortex-A73)
Median cycles by backend, Odroid N2L (Cortex-A73).
| Set | Function | Scalar (GCC) | Scalar (Clang) | Neon (GCC) |
|---|---|---|---|---|
| kem512 | keygen | 210900 | 123675 | 89625 |
| kem512 | encaps | 216750 | 143325 | 101550 |
| kem512 | decaps | 298050 | 173550 | 122475 |
| kem768 | keygen | 325050 | 179025 | 153525 |
| kem768 | encaps | 331725 | 219900 | 173325 |
| kem768 | decaps | 444600 | 259350 | 201900 |
| kem1024 | keygen | 482625 | 285375 | 234075 |
| kem1024 | encaps | 475500 | 335025 | 256650 |
| kem1024 | decaps | 619725 | 384825 | 293250 |
Update (2024-05-16): Added cycle counts for scalar backend (clang
and gcc), added bar charts, added downloadable CSVs. The
CSVs and SVGs generated by the Python scripts in the
scripts/bench-chart/ directory of the Git repository.