vectorized polyw1_pack

Author: gregorseiler

SHA256SUMS

@@ -1,9 +1,3 @@
-6e7e295859101ce0aa3c66600deb1a194c9d6874a08d9d5f858a25bfbb0d34ca  tvecs2
-33db29f32cbf87fa3f5b0206a68d08703b9149f3fce112190991420649fbb46a  tvecs3
-d71584fc3cc709fbbe2817e410e26e5729539242f0cc1d0b193cd8ccc69f29e5  tvecs4
-358fcf0bcc7bec69b92aeb42c6bba4c4f989693a87e0384415ced93fe9c17069  tvecs2aes
-edd793047ed12fbe27e9b188b474c34ee5c75e8f4c6e6f0312dd18f0b38318db  tvecs3aes
-61f9357202efc7b564d4426755727248a3fb1f45cd74cdeae1a9533c43bd7322  tvecs4aes
 81ff60e3ef698751e5572f0bb7f831f069605229c220ee1cf27a92572d6ebc7e  PQCsignKAT_Dilithium2.req
 532f4a7a416bba96b607395a6d07fc0eaab1f1f968e49758d2a97c718de832e7  PQCsignKAT_Dilithium2.rsp
 81ff60e3ef698751e5572f0bb7f831f069605229c220ee1cf27a92572d6ebc7e  PQCsignKAT_Dilithium3.req
@@ -16,3 +10,9 @@ edd793047ed12fbe27e9b188b474c34ee5c75e8f4c6e6f0312dd18f0b38318db  tvecs3aes
 f3c5fcceafa9fb2462721f272791a26c9a123b3a07fad7e07dfec232085fdd7f  PQCsignKAT_Dilithium3-AES.rsp
 81ff60e3ef698751e5572f0bb7f831f069605229c220ee1cf27a92572d6ebc7e  PQCsignKAT_Dilithium4-AES.req
 8de4e2ac2032f714263aa0d045275ec62b6f192f8828cfe82b63ec0b0b32deb6  PQCsignKAT_Dilithium4-AES.rsp
+592010c7047b68ed07424b8fda5c337d70eccb5dad99e2b3dbc9a124bef89ccd  tvecs2
+d6cd6334975b89e851b43af35213fdc606b334a9364a86d7f0533d8a87fa54d3  tvecs2aes
+190476ba894321b66bbff6af8ced1bb2df3dcb95beef80fb73f1c8c058eaf526  tvecs3
+057382ca533828c302c06e8fdbc9d6a313d27b0415a7f5ef004e664dae52fd2a  tvecs3aes
+f1523cc865df73a8e210c0363dc285e2b59f4c4fbde81c38507ac08279635997  tvecs4
+4f0e3cefd83bae430e5d9773040631fcb6ad0cfe1d1472ab5e2d1dfc8977cd40  tvecs4aes

avx2/poly.c

@@ -1045,14 +1045,56 @@ void polyz_unpack(poly * restrict r, const uint8_t * restrict a) {
 **************************************************/
 void polyw1_pack(uint8_t * restrict r, const poly * restrict a) {
   unsigned int i;
-//  _mm256i vec;
+  __m256i f0, f1, f2, f3, f4, f5, f6, f7;
+  const __m256i mask = _mm256_set1_epi64x(0xFF00FF00FF00FF00);
+  const __m256i idx = _mm256_set_epi8(15,13,14,12,11, 9,10, 8,
+                                       7, 5, 6, 4, 3, 1, 2, 0,
+                                      15,13,14,12,11, 9,10, 8,
+                                       7, 5, 6, 4, 3, 1, 2, 0);
   DBENCH_START();
 
-//  for(i = 0; i < N/8: ++i) {
-//    vec = _mm256_load_si256((__m256i *)&a->coeffs[8*i]);
-
-  for(i = 0; i < N/2; ++i)
-    r[i] = a->coeffs[2*i+0] | (a->coeffs[2*i+1] << 4);
+  for(i = 0; i < N/64; ++i) {
+    f0 = _mm256_load_si256((__m256i *)&a->coeffs[64*i+ 0]);
+    f1 = _mm256_load_si256((__m256i *)&a->coeffs[64*i+ 8]);
+    f2 = _mm256_load_si256((__m256i *)&a->coeffs[64*i+16]);
+    f3 = _mm256_load_si256((__m256i *)&a->coeffs[64*i+24]);
+
+    f0 = _mm256_and_si256(f0, _mm256_set1_epi32(15));
+    f1 = _mm256_and_si256(f1, _mm256_set1_epi32(15));
+    f2 = _mm256_and_si256(f2, _mm256_set1_epi32(15));
+    f3 = _mm256_and_si256(f3, _mm256_set1_epi32(15));
+
+    f0 = _mm256_packus_epi32(f0, f1);
+    f4 = _mm256_load_si256((__m256i *)&a->coeffs[64*i+32]);
+    f5 = _mm256_load_si256((__m256i *)&a->coeffs[64*i+40]);
+
+    f1 = _mm256_packus_epi32(f2, f3);
+    f6 = _mm256_load_si256((__m256i *)&a->coeffs[64*i+48]);
+    f7 = _mm256_load_si256((__m256i *)&a->coeffs[64*i+56]);
+
+    f4 = _mm256_and_si256(f4, _mm256_set1_epi32(15));
+    f5 = _mm256_and_si256(f5, _mm256_set1_epi32(15));
+    f6 = _mm256_and_si256(f6, _mm256_set1_epi32(15));
+    f7 = _mm256_and_si256(f7, _mm256_set1_epi32(15));
+
+    f2 = _mm256_packus_epi32(f4, f5);
+    f3 = _mm256_packus_epi32(f6, f7);
+    f0 = _mm256_packus_epi16(f0, f1);
+    f1 = _mm256_packus_epi16(f2, f3);
+    f2 = _mm256_permute2x128_si256(f0, f1, 0x20);	/* ABCD */
+    f3 = _mm256_permute2x128_si256(f0, f1, 0x31);	/* EFGH */
+
+    f4 = _mm256_srli_epi16(f2, 8);			/* B0D0 */
+    f5 = _mm256_slli_epi16(f3, 8);			/* 0E0G */
+    f0 = _mm256_blendv_epi8(f2, f5, mask);		/* AECG */
+    f1 = _mm256_blendv_epi8(f4, f3, mask);		/* BFDH */
+
+    f1 = _mm256_slli_epi16(f1, 4);
+    f0 = _mm256_or_si256(f0, f1);
+
+    f0 = _mm256_shuffle_epi8(f0, idx);
+    _mm256_storeu_si256((__m256i *)&r[32*i], f0);
+  }
 
   DBENCH_STOP(*tpack);
 }

avx2/sign.c

@@ -80,9 +80,9 @@ void challenge(poly *c,
 **************************************************/
 int crypto_sign_keypair(unsigned char *pk, unsigned char *sk) {
   unsigned int i;
-   __attribute__((aligned(32)))
+  __attribute__((aligned(32)))
   uint8_t seedbuf[3*SEEDBYTES];
-   __attribute__((aligned(32)))
+  __attribute__((aligned(32)))
   uint8_t tr[CRHBYTES];
   const uint8_t *rho, *rhoprime, *key;
   polyvecl mat[K];

avx2/test/test_vectors.c

@@ -1,5 +1,6 @@
 #include <stdint.h>
 #include <stdio.h>
+#include <string.h>
 #include "../params.h"
 #include "../sign.h"
 #include "../poly.h"
@@ -172,9 +173,8 @@ int main(void) {
 
     if(polyveck_chknorm(&w1, 16))
       fprintf(stderr, "ERROR in polyveck_chknorm(&w1, 16)!\n");
-    h = w0;
-    polyveck_csubq(&h);
-    if(polyveck_chknorm(&h, ALPHA/2+1))
+    polyveck_csubq(&w0);
+    if(polyveck_chknorm(&w0, ALPHA/2+1))
       fprintf(stderr, "ERROR in polyveck_chknorm(&w0 ,ALPHA/2+1)!\n");
 
     printf("w1 = ((");
@@ -189,7 +189,8 @@ int main(void) {
     printf("w0 = ((");
     for(j = 0; j < K; ++j) {
       for(k = 0; k < N; ++k) {
-        u = w0.vec[j].coeffs[k] - Q;
+        u = w0.vec[j].coeffs[k];
+        if(u > (Q-1)/2) u -= Q;
         printf("%7d", u);
         if(k < N-1) printf(", ");
         else if(j < K-1) printf("),\n      (");
@@ -220,9 +221,8 @@ int main(void) {
 
     if(polyveck_chknorm(&t1, 512))
       fprintf(stderr, "ERROR in polyveck_chknorm(&t1, 512)!\n");
-    h = t0;
-    polyveck_csubq(&h);
-    if(polyveck_chknorm(&h, (1U << (D-1)) + 1))
+    polyveck_csubq(&t0);
+    if(polyveck_chknorm(&t0, (1U << (D-1)) + 1))
       fprintf(stderr, "ERROR in polyveck_chknorm(&t0, 1 << (D-1) + 1)!\n");
 
     printf("t1 = ((");
@@ -237,15 +237,16 @@ int main(void) {
     printf("t0 = ((");
     for(j = 0; j < K; ++j) {
       for(k = 0; k < N; ++k) {
-        u = t0.vec[j].coeffs[k] - Q;
+        u = t0.vec[j].coeffs[k];
+        if(u > (Q-1)/2) u -= Q;
         printf("%5d", u);
         if(k < N-1) printf(", ");
         else if(j < K-1) printf("),\n      (");
         else printf(")\n");
       }
     }
 
-    challenge(&c, seed, &w); //FIXME: w1
+    challenge(&c, seed, &w1);
     printf("c = (");
     for(j = 0; j < N; ++j) {
       u = c.coeffs[j];
@@ -257,10 +258,12 @@ int main(void) {
 
     polyveck_make_hint(&h, &w0, &w1);
     pack_sig(buf, &y, &h, &c);
-    unpack_sig(&y, &h, &tmp, buf);
+    unpack_sig(&y, &w, &tmp, buf);
     for(j = 0; j < N; j++)
       if(c.coeffs[j] != tmp.coeffs[j])
         fprintf(stderr, "ERROR in (un)pack_sig!\n");
+    if(memcmp(&h,&w,sizeof(h)))
+      fprintf(stderr, "ERROR in (un)pack_sig!\n");
 
     printf("\n");
   }

ref/test/test_vectors.c

@@ -1,5 +1,6 @@
 #include <stdint.h>
 #include <stdio.h>
+#include <string.h>
 #include "../params.h"
 #include "../sign.h"
 #include "../poly.h"
@@ -124,9 +125,8 @@ int main(void) {
 
     if(polyveck_chknorm(&w1, 16))
       fprintf(stderr, "ERROR in polyveck_chknorm(&w1, 16)!\n");
-    h = w0;
-    polyveck_csubq(&h);
-    if(polyveck_chknorm(&h, ALPHA/2+1))
+    polyveck_csubq(&w0);
+    if(polyveck_chknorm(&w0, ALPHA/2+1))
       fprintf(stderr, "ERROR in polyveck_chknorm(&w0 ,ALPHA/2+1)!\n");
 
     printf("w1 = ((");
@@ -141,7 +141,8 @@ int main(void) {
     printf("w0 = ((");
     for(j = 0; j < K; ++j) {
       for(k = 0; k < N; ++k) {
-        u = w0.vec[j].coeffs[k] - Q;
+        u = w0.vec[j].coeffs[k];
+        if(u > (Q-1)/2) u -= Q;
         printf("%7d", u);
         if(k < N-1) printf(", ");
         else if(j < K-1) printf("),\n      (");
@@ -172,9 +173,8 @@ int main(void) {
 
     if(polyveck_chknorm(&t1, 512))
       fprintf(stderr, "ERROR in polyveck_chknorm(&t1, 512)!\n");
-    h = t0;
-    polyveck_csubq(&h);
-    if(polyveck_chknorm(&h, (1U << (D-1)) + 1))
+    polyveck_csubq(&t0);
+    if(polyveck_chknorm(&t0, (1U << (D-1)) + 1))
       fprintf(stderr, "ERROR in polyveck_chknorm(&t0, 1 << (D-1) + 1)!\n");
 
     printf("t1 = ((");
@@ -189,15 +189,16 @@ int main(void) {
     printf("t0 = ((");
     for(j = 0; j < K; ++j) {
       for(k = 0; k < N; ++k) {
-        u = t0.vec[j].coeffs[k] - Q;
+        u = t0.vec[j].coeffs[k];
+        if(u > (Q-1)/2) u -= Q;
         printf("%5d", u);
         if(k < N-1) printf(", ");
         else if(j < K-1) printf("),\n      (");
         else printf(")\n");
       }
     }
 
-    challenge(&c, seed, &w); //FIXME: w1
+    challenge(&c, seed, &w1);
     printf("c = (");
     for(j = 0; j < N; ++j) {
       u = c.coeffs[j];
@@ -209,10 +210,12 @@ int main(void) {
 
     polyveck_make_hint(&h, &w0, &w1);
     pack_sig(buf, &y, &h, &c);
-    unpack_sig(&y, &h, &tmp, buf);
+    unpack_sig(&y, &w, &tmp, buf);
     for(j = 0; j < N; j++)
       if(c.coeffs[j] != tmp.coeffs[j])
         fprintf(stderr, "ERROR in (un)pack_sig!\n");
+    if(memcmp(&h,&w,sizeof(h)))
+      fprintf(stderr, "ERROR in (un)pack_sig!\n");
 
     printf("\n");
   }