Proposal: API Extension #715
Conversation
There was a problem hiding this comment.
Arm Cortex-A76 (Raspberry Pi 5) benchmarks
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
30178 cycles |
29432 cycles |
1.03 |
ML-KEM-512 encaps |
34726 cycles |
34675 cycles |
1.00 |
ML-KEM-512 decaps |
45361 cycles |
45262 cycles |
1.00 |
ML-KEM-768 keypair |
51464 cycles |
50035 cycles |
1.03 |
ML-KEM-768 encaps |
55213 cycles |
55249 cycles |
1.00 |
ML-KEM-768 decaps |
70250 cycles |
70288 cycles |
1.00 |
ML-KEM-1024 keypair |
75244 cycles |
73083 cycles |
1.03 |
ML-KEM-1024 encaps |
81519 cycles |
81542 cycles |
1.00 |
ML-KEM-1024 decaps |
101972 cycles |
101561 cycles |
1.00 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
Intel Xeon 4th gen (c7i)
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
9635 cycles |
9480 cycles |
1.02 |
ML-KEM-512 encaps |
11273 cycles |
11097 cycles |
1.02 |
ML-KEM-512 decaps |
15350 cycles |
15155 cycles |
1.01 |
ML-KEM-768 keypair |
16605 cycles |
16336 cycles |
1.02 |
ML-KEM-768 encaps |
17685 cycles |
17796 cycles |
0.99 |
ML-KEM-768 decaps |
24202 cycles |
23519 cycles |
1.03 |
ML-KEM-1024 keypair |
22373 cycles |
21866 cycles |
1.02 |
ML-KEM-1024 encaps |
24761 cycles |
23887 cycles |
1.04 |
ML-KEM-1024 decaps |
31836 cycles |
31557 cycles |
1.01 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
Intel Xeon 4th gen (c7i) (no-opt)
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
28986 cycles |
28932 cycles |
1.00 |
ML-KEM-512 encaps |
34717 cycles |
34881 cycles |
1.00 |
ML-KEM-512 decaps |
43691 cycles |
44422 cycles |
0.98 |
ML-KEM-768 keypair |
49686 cycles |
47657 cycles |
1.04 |
ML-KEM-768 encaps |
55859 cycles |
55635 cycles |
1.00 |
ML-KEM-768 decaps |
69030 cycles |
67697 cycles |
1.02 |
ML-KEM-1024 keypair |
72226 cycles |
73141 cycles |
0.99 |
ML-KEM-1024 encaps |
83760 cycles |
85205 cycles |
0.98 |
ML-KEM-1024 decaps |
100951 cycles |
99037 cycles |
1.02 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
AMD EPYC 3rd gen (c6a)
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
17504 cycles |
17184 cycles |
1.02 |
ML-KEM-512 encaps |
19545 cycles |
18937 cycles |
1.03 |
ML-KEM-512 decaps |
24487 cycles |
24421 cycles |
1.00 |
ML-KEM-768 keypair |
30100 cycles |
29483 cycles |
1.02 |
ML-KEM-768 encaps |
30900 cycles |
30780 cycles |
1.00 |
ML-KEM-768 decaps |
39086 cycles |
39135 cycles |
1.00 |
ML-KEM-1024 keypair |
44071 cycles |
42719 cycles |
1.03 |
ML-KEM-1024 encaps |
45517 cycles |
45712 cycles |
1.00 |
ML-KEM-1024 decaps |
55994 cycles |
56005 cycles |
1.00 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
Intel Xeon 3rd gen (c6i)
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
16515 cycles |
16153 cycles |
1.02 |
ML-KEM-512 encaps |
18678 cycles |
18263 cycles |
1.02 |
ML-KEM-512 decaps |
25196 cycles |
24767 cycles |
1.02 |
ML-KEM-768 keypair |
28339 cycles |
27740 cycles |
1.02 |
ML-KEM-768 encaps |
29361 cycles |
29445 cycles |
1.00 |
ML-KEM-768 decaps |
39061 cycles |
39006 cycles |
1.00 |
ML-KEM-1024 keypair |
38376 cycles |
37549 cycles |
1.02 |
ML-KEM-1024 encaps |
40710 cycles |
40557 cycles |
1.00 |
ML-KEM-1024 decaps |
53418 cycles |
53094 cycles |
1.01 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
AMD EPYC 4th gen (c7a)
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
11957 cycles |
11570 cycles |
1.03 |
ML-KEM-512 encaps |
13360 cycles |
13356 cycles |
1.00 |
ML-KEM-512 decaps |
18521 cycles |
18228 cycles |
1.02 |
ML-KEM-768 keypair |
20659 cycles |
20133 cycles |
1.03 |
ML-KEM-768 encaps |
21095 cycles |
21112 cycles |
1.00 |
ML-KEM-768 decaps |
28368 cycles |
28834 cycles |
0.98 |
ML-KEM-1024 keypair |
28059 cycles |
27036 cycles |
1.04 |
ML-KEM-1024 encaps |
29274 cycles |
29198 cycles |
1.00 |
ML-KEM-1024 decaps |
38949 cycles |
38762 cycles |
1.00 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
AMD EPYC 3rd gen (c6a) (no-opt)
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
39633 cycles |
38861 cycles |
1.02 |
ML-KEM-512 encaps |
47059 cycles |
47222 cycles |
1.00 |
ML-KEM-512 decaps |
60529 cycles |
60947 cycles |
0.99 |
ML-KEM-768 keypair |
63789 cycles |
63092 cycles |
1.01 |
ML-KEM-768 encaps |
73659 cycles |
73687 cycles |
1.00 |
ML-KEM-768 decaps |
91199 cycles |
91253 cycles |
1.00 |
ML-KEM-1024 keypair |
95964 cycles |
94519 cycles |
1.02 |
ML-KEM-1024 encaps |
107920 cycles |
108285 cycles |
1.00 |
ML-KEM-1024 decaps |
131122 cycles |
131266 cycles |
1.00 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
Graviton4
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
18313 cycles |
17773 cycles |
1.03 |
ML-KEM-512 encaps |
21134 cycles |
21031 cycles |
1.00 |
ML-KEM-512 decaps |
27657 cycles |
27698 cycles |
1.00 |
ML-KEM-768 keypair |
31618 cycles |
30678 cycles |
1.03 |
ML-KEM-768 encaps |
33609 cycles |
33530 cycles |
1.00 |
ML-KEM-768 decaps |
43097 cycles |
43120 cycles |
1.00 |
ML-KEM-1024 keypair |
45922 cycles |
44326 cycles |
1.04 |
ML-KEM-1024 encaps |
49668 cycles |
49592 cycles |
1.00 |
ML-KEM-1024 decaps |
62598 cycles |
62596 cycles |
1.00 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
Intel Xeon 3rd gen (c6i) (no-opt)
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
46363 cycles |
46301 cycles |
1.00 |
ML-KEM-512 encaps |
54353 cycles |
54609 cycles |
1.00 |
ML-KEM-512 decaps |
69621 cycles |
69950 cycles |
1.00 |
ML-KEM-768 keypair |
76805 cycles |
75183 cycles |
1.02 |
ML-KEM-768 encaps |
86887 cycles |
86323 cycles |
1.01 |
ML-KEM-768 decaps |
107145 cycles |
106227 cycles |
1.01 |
ML-KEM-1024 keypair |
112712 cycles |
110866 cycles |
1.02 |
ML-KEM-1024 encaps |
125664 cycles |
124926 cycles |
1.01 |
ML-KEM-1024 decaps |
151403 cycles |
150400 cycles |
1.01 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
AMD EPYC 4th gen (c7a) (no-opt)
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
36373 cycles |
35953 cycles |
1.01 |
ML-KEM-512 encaps |
42749 cycles |
42696 cycles |
1.00 |
ML-KEM-512 decaps |
55716 cycles |
55600 cycles |
1.00 |
ML-KEM-768 keypair |
59436 cycles |
59291 cycles |
1.00 |
ML-KEM-768 encaps |
67600 cycles |
67893 cycles |
1.00 |
ML-KEM-768 decaps |
84768 cycles |
85108 cycles |
1.00 |
ML-KEM-1024 keypair |
88410 cycles |
87394 cycles |
1.01 |
ML-KEM-1024 encaps |
99840 cycles |
99602 cycles |
1.00 |
ML-KEM-1024 decaps |
121506 cycles |
121043 cycles |
1.00 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
Graviton2
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
30161 cycles |
29388 cycles |
1.03 |
ML-KEM-512 encaps |
34693 cycles |
34636 cycles |
1.00 |
ML-KEM-512 decaps |
45368 cycles |
45238 cycles |
1.00 |
ML-KEM-768 keypair |
51419 cycles |
50110 cycles |
1.03 |
ML-KEM-768 encaps |
55248 cycles |
55310 cycles |
1.00 |
ML-KEM-768 decaps |
70313 cycles |
70193 cycles |
1.00 |
ML-KEM-1024 keypair |
75179 cycles |
73113 cycles |
1.03 |
ML-KEM-1024 encaps |
81509 cycles |
81550 cycles |
1.00 |
ML-KEM-1024 decaps |
101964 cycles |
101575 cycles |
1.00 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
Graviton4 (no-opt)
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
36286 cycles |
36997 cycles |
0.98 |
ML-KEM-512 encaps |
42322 cycles |
41062 cycles |
1.03 |
ML-KEM-512 decaps |
52117 cycles |
52113 cycles |
1.00 |
ML-KEM-768 keypair |
60664 cycles |
59560 cycles |
1.02 |
ML-KEM-768 encaps |
66986 cycles |
67378 cycles |
0.99 |
ML-KEM-768 decaps |
81104 cycles |
81159 cycles |
1.00 |
ML-KEM-1024 keypair |
90329 cycles |
88492 cycles |
1.02 |
ML-KEM-1024 encaps |
98610 cycles |
98647 cycles |
1.00 |
ML-KEM-1024 decaps |
117412 cycles |
117472 cycles |
1.00 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
Graviton2 (no-opt)
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
62258 cycles |
59967 cycles |
1.04 |
ML-KEM-512 encaps |
69660 cycles |
67878 cycles |
1.03 |
ML-KEM-512 decaps |
88983 cycles |
86649 cycles |
1.03 |
ML-KEM-768 keypair |
100123 cycles |
98445 cycles |
1.02 |
ML-KEM-768 encaps |
110013 cycles |
110144 cycles |
1.00 |
ML-KEM-768 decaps |
134805 cycles |
134710 cycles |
1.00 |
ML-KEM-1024 keypair |
151049 cycles |
146744 cycles |
1.03 |
ML-KEM-1024 encaps |
164226 cycles |
162656 cycles |
1.01 |
ML-KEM-1024 decaps |
196168 cycles |
194511 cycles |
1.01 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
Graviton3
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
19370 cycles |
18891 cycles |
1.03 |
ML-KEM-512 encaps |
22352 cycles |
22381 cycles |
1.00 |
ML-KEM-512 decaps |
29622 cycles |
29596 cycles |
1.00 |
ML-KEM-768 keypair |
33266 cycles |
32333 cycles |
1.03 |
ML-KEM-768 encaps |
35787 cycles |
35759 cycles |
1.00 |
ML-KEM-768 decaps |
46150 cycles |
46117 cycles |
1.00 |
ML-KEM-1024 keypair |
47840 cycles |
46414 cycles |
1.03 |
ML-KEM-1024 encaps |
51996 cycles |
52074 cycles |
1.00 |
ML-KEM-1024 decaps |
65945 cycles |
65931 cycles |
1.00 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
Graviton3 (no-opt)
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
39352 cycles |
39577 cycles |
0.99 |
ML-KEM-512 encaps |
46079 cycles |
44688 cycles |
1.03 |
ML-KEM-512 decaps |
56791 cycles |
56440 cycles |
1.01 |
ML-KEM-768 keypair |
65247 cycles |
64260 cycles |
1.02 |
ML-KEM-768 encaps |
71693 cycles |
72864 cycles |
0.98 |
ML-KEM-768 decaps |
87621 cycles |
87845 cycles |
1.00 |
ML-KEM-1024 keypair |
97088 cycles |
95809 cycles |
1.01 |
ML-KEM-1024 encaps |
106917 cycles |
106649 cycles |
1.00 |
ML-KEM-1024 decaps |
126962 cycles |
127051 cycles |
1.00 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
Bananapi bpi-f3 benchmarks
| Benchmark suite | Current: 4c5b57e | Previous: 3dc9642 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
329727 cycles |
331334 cycles |
1.00 |
ML-KEM-512 encaps |
308683 cycles |
439896 cycles |
0.70 |
ML-KEM-512 decaps |
472974 cycles |
588436 cycles |
0.80 |
ML-KEM-768 keypair |
546924 cycles |
548599 cycles |
1.00 |
ML-KEM-768 encaps |
433011 cycles |
688259 cycles |
0.63 |
ML-KEM-768 decaps |
648468 cycles |
880050 cycles |
0.74 |
ML-KEM-1024 keypair |
812647 cycles |
814706 cycles |
1.00 |
ML-KEM-1024 encaps |
564190 cycles |
988517 cycles |
0.57 |
ML-KEM-1024 decaps |
830107 cycles |
1222676 cycles |
0.68 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
Arm Cortex-A55 (Snapdragon 888) benchmarks
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
61875 cycles |
59335 cycles |
1.04 |
ML-KEM-512 encaps |
67252 cycles |
66971 cycles |
1.00 |
ML-KEM-512 decaps |
85958 cycles |
86021 cycles |
1.00 |
ML-KEM-768 keypair |
108779 cycles |
101262 cycles |
1.07 |
ML-KEM-768 encaps |
112490 cycles |
112143 cycles |
1.00 |
ML-KEM-768 decaps |
139101 cycles |
139861 cycles |
0.99 |
ML-KEM-1024 keypair |
163183 cycles |
152966 cycles |
1.07 |
ML-KEM-1024 encaps |
171680 cycles |
174266 cycles |
0.99 |
ML-KEM-1024 decaps |
209538 cycles |
210791 cycles |
0.99 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
Arm Cortex-A72 (Raspberry Pi 4) benchmarks
| Benchmark suite | Current: 3898888 | Previous: 3756ba9 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
54741 cycles |
53509 cycles |
1.02 |
ML-KEM-512 encaps |
61491 cycles |
61512 cycles |
1.00 |
ML-KEM-512 decaps |
78019 cycles |
77960 cycles |
1.00 |
ML-KEM-768 keypair |
93583 cycles |
90628 cycles |
1.03 |
ML-KEM-768 encaps |
98001 cycles |
98387 cycles |
1.00 |
ML-KEM-768 decaps |
122484 cycles |
122120 cycles |
1.00 |
ML-KEM-1024 keypair |
142001 cycles |
135148 cycles |
1.05 |
ML-KEM-1024 encaps |
147592 cycles |
148348 cycles |
0.99 |
ML-KEM-1024 decaps |
180978 cycles |
181704 cycles |
1.00 |
This comment was automatically generated by workflow using github-action-benchmark.
|
@hanno-becker - any thoughts on this? |
|
@mkannwischer What stands in the way of keeping the old API and providing the new one as an (optional) addition? |
mkannwischer
force-pushed
the
newapi
branch
2 times, most recently
from
3ca90c7 to
1f56ed1
Compare
mkannwischer
force-pushed
the
newapi
branch
5 times, most recently
from
0ab73bb to
c1e1a00
Compare
Signed-off-by: Matthias J. Kannwischer <[email protected]>
Signed-off-by: Matthias J. Kannwischer <[email protected]>
Signed-off-by: Matthias J. Kannwischer <[email protected]>
Signed-off-by: Matthias J. Kannwischer <[email protected]>
| #define mlk_indcpa_secret_key MLK_NAMESPACE_K(mlk_indcpa_secret_key) | ||
| typedef struct | ||
| { | ||
| mlk_polyvec skpv; |
There was a problem hiding this comment.
Have you considered caching the mulcache? This would be useful in decapsulation.
| @@ -331,15 +363,15 @@ __contract__( | |||
| * - We include buffer zeroization. | |||
There was a problem hiding this comment.
All Reference: .. comments need extending
| @@ -357,49 +389,48 @@ void mlk_indcpa_keypair_derand(uint8_t pk[MLKEM_INDCPA_PUBLICKEYBYTES], | |||
| */ | |||
| MLK_CT_TESTING_DECLASSIFY(publicseed, MLKEM_SYMBYTES); | |||
|
|
|||
| mlk_gen_matrix(a, publicseed, 0 /* no transpose */); | |||
| mlk_gen_matrix(pk->at, publicseed, 0 /* no transpose */); | |||
There was a problem hiding this comment.
Can you leave a comment that the matrix will be transposed later? Otherwise, it's confusing why the variable is named at.
| mlk_polyvec_add(pkpv, e); | ||
| mlk_polyvec_reduce(pkpv); | ||
| mlk_polyvec_reduce(skpv); | ||
| mlk_transpose_matrix(pk->at); |
There was a problem hiding this comment.
Can you leave a comment what the matrix is transposed for at this point?
| @@ -45,7 +109,7 @@ __contract__( | |||
| requires(memory_no_alias(a, sizeof(mlk_polymat))) | |||
| requires(memory_no_alias(seed, MLKEM_SYMBYTES)) | |||
| requires(transposed == 0 || transposed == 1) | |||
| assigns(object_whole(a)) | |||
| assigns(memory_slice(a, sizeof(mlk_poly) * MLKEM_K * MLKEM_K)) | |||
There was a problem hiding this comment.
Nit: sizeof(mlk_polymat)?
| requires(forall(k0, 0, MLKEM_K, | ||
| array_bound(pk->pkpv[k0].coeffs, 0, MLKEM_N, 0, MLKEM_UINT12_LIMIT))) | ||
| requires(forall(x, 0, MLKEM_K * MLKEM_K, | ||
| array_bound(pk->at[x].coeffs, 0, MLKEM_N, 0, MLKEM_Q))) |
There was a problem hiding this comment.
| array_bound(pk->at[x].coeffs, 0, MLKEM_N, 0, MLKEM_Q))) | |
| array_bound(pk->at[x].coeffs, 0, MLKEM_N, 0, MLKEM_Q))) |
hanno-becker
added
benchmark
There was a problem hiding this comment.
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Intel Xeon 4th gen (c7i)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-1024 encaps |
24761 cycles |
23887 cycles |
1.04 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Intel Xeon 4th gen (c7i) (no-opt)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-768 keypair |
49686 cycles |
47657 cycles |
1.04 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'AMD EPYC 4th gen (c7a)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
11957 cycles |
11570 cycles |
1.03 |
ML-KEM-1024 keypair |
28059 cycles |
27036 cycles |
1.04 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'AMD EPYC 3rd gen (c6a)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 encaps |
19545 cycles |
18937 cycles |
1.03 |
ML-KEM-1024 keypair |
44071 cycles |
42719 cycles |
1.03 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Graviton4'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
18313 cycles |
17773 cycles |
1.03 |
ML-KEM-768 keypair |
31618 cycles |
30678 cycles |
1.03 |
ML-KEM-1024 keypair |
45922 cycles |
44326 cycles |
1.04 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Graviton3'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-1024 keypair |
47840 cycles |
46414 cycles |
1.03 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Arm Cortex-A55 (Snapdragon 888) benchmarks'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
61875 cycles |
59335 cycles |
1.04 |
ML-KEM-768 keypair |
108779 cycles |
101262 cycles |
1.07 |
ML-KEM-1024 keypair |
163183 cycles |
152966 cycles |
1.07 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Graviton4 (no-opt)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 encaps |
42322 cycles |
41062 cycles |
1.03 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Graviton3 (no-opt)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 encaps |
46079 cycles |
44688 cycles |
1.03 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Graviton2 (no-opt)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
62258 cycles |
59967 cycles |
1.04 |
This comment was automatically generated by workflow using github-action-benchmark.
| @@ -193,6 +199,32 @@ __contract__( | |||
| ensures(array_bound(data, 0, MLKEM_N, 0, MLKEM_Q))) { ((void)data); } | |||
| #endif /* !MLK_USE_NATIVE_NTT_CUSTOM_ORDER */ | |||
|
|
|||
| static void mlk_transpose_matrix(mlk_polymat a) | |||
There was a problem hiding this comment.
Can you add this to the component benchmarks so we get a sense of the performance cost?
There was a problem hiding this comment.
Mac Mini (M1, 2020) benchmarks
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
12686 cycles |
12245 cycles |
1.04 |
ML-KEM-512 encaps |
14877 cycles |
15104 cycles |
0.98 |
ML-KEM-512 decaps |
19629 cycles |
19571 cycles |
1.00 |
ML-KEM-768 keypair |
21872 cycles |
21036 cycles |
1.04 |
ML-KEM-768 encaps |
23731 cycles |
23653 cycles |
1.00 |
ML-KEM-768 decaps |
30584 cycles |
30519 cycles |
1.00 |
ML-KEM-1024 keypair |
31317 cycles |
29972 cycles |
1.04 |
ML-KEM-1024 encaps |
34603 cycles |
34477 cycles |
1.00 |
ML-KEM-1024 decaps |
43472 cycles |
43694 cycles |
0.99 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Mac Mini (M1, 2020) benchmarks'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 7875c83 | Previous: ae2afe5 | Ratio |
|---|---|---|---|
ML-KEM-512 keypair |
12686 cycles |
12245 cycles |
1.04 |
ML-KEM-768 keypair |
21872 cycles |
21036 cycles |
1.04 |
ML-KEM-1024 keypair |
31317 cycles |
29972 cycles |
1.04 |
This comment was automatically generated by workflow using github-action-benchmark.
| * copy over indcpa pk and H(pk) to public key | ||
| * pk is NULL during parsing before decaps as the pk is not needed | ||
| **/ | ||
| if (pk != NULL) |
There was a problem hiding this comment.
The CBMC contract says pk must be valid.
This PR rebases an old proposal for extending the API to allow operating on validated+expanded keys (splitting out the serialization and deserialization into separate functions which contain the input validation).
Benefit of this is that in case you can keep the keys expanded, you get much better performance. This is particularly useful for an ephemeral use-case (e.g., TLS), where the secret key never has to leave memory.
The benchmarks below show why we should consider doing this: Decapsulation gets up to 3x faster if you can cache the expanded secret key from key generation. (Encapsulation gets even up to 5x faster if you can cache, but I don't think this is useful for any major use case of ML-KEM).
See pq-code-package/tsc#4 (comment) for the overview