RFR: 8288047: Accelerate Poly1305 on x86_64 using AVX512 instructions [v11]

Volodymyr Paprotski duke at openjdk.org
Thu Nov 10 03:09:43 UTC 2022


On Thu, 10 Nov 2022 01:22:04 GMT, Volodymyr Paprotski <duke at openjdk.org> wrote:

>> Handcrafted x86_64 asm for Poly1305. Main optimization is to process 16 message blocks at a time. For more details, left a lot of comments in `macroAssembler_x86_poly.cpp`.
>> 
>> - Added new KAT test for Poly1305 and a fuzz test to compare intrinsic and java.
>>   - Would like to add an `InvalidKeyException` in `Poly1305.java` (see commented out block in that file), but that conflicts with the KAT. I do think we should detect (R==0 || S ==0) so would like advice please.
>> - Added a JMH perf test.
>>    - JMH test had to use reflection (instead of existing `MacBench.java`), since Poly1305 is not 'properly' registered with the provider.
>> 
>> Perf before:
>> 
>> Benchmark                   (dataSize)  (provider)   Mode  Cnt        Score        Error  Units
>> Poly1305DigestBench.digest          64              thrpt    8  2961300.661 ± 110554.162  ops/s
>> Poly1305DigestBench.digest         256              thrpt    8  1791912.962 ±  86696.037  ops/s
>> Poly1305DigestBench.digest        1024              thrpt    8   637413.054 ±  14074.655  ops/s
>> Poly1305DigestBench.digest       16384              thrpt    8    48762.991 ±    390.921  ops/s
>> Poly1305DigestBench.digest     1048576              thrpt    8      769.872 ±      1.402  ops/s
>> 
>> and after:
>> 
>> Benchmark                   (dataSize)  (provider)   Mode  Cnt        Score        Error  Units
>> Poly1305DigestBench.digest          64              thrpt    8  2841243.668 ± 154528.057  ops/s
>> Poly1305DigestBench.digest         256              thrpt    8  1662003.873 ±  95253.445  ops/s
>> Poly1305DigestBench.digest        1024              thrpt    8  1770028.718 ± 100847.766  ops/s
>> Poly1305DigestBench.digest       16384              thrpt    8   765547.287 ±  25883.825  ops/s
>> Poly1305DigestBench.digest     1048576              thrpt    8    14508.458 ±     56.147  ops/s
>
> Volodymyr Paprotski has updated the pull request incrementally with one additional commit since the last revision:
> 
>   fix windows and 32b linux builds

Revised numbers with `getLimbs()` interface change. Compared to previous version that got limbs in IR, change is within deviation (mostly -1%).

datasize | master | optimized | disabled | opt/mst | dis/mst
-- | -- | -- | -- | -- | --
32 | 3218169 | 3651078 | 3116558 | 1.13 | 0.97
64 | 2858030 | 3407518 | 2824903 | 1.19 | 0.99
128 | 2396796 | 3357224 | 2394802 | 1.40 | 1.00
256 | 1780679 | 3050142 | 1751130 | 1.71 | 0.98
512 | 1168824 | 2938952 | 1148479 | 2.51 | 0.98
1024 | 648772.1 | 2728454 | 687016.7 | 4.21 | 1.06
2048 | 357009 | 2393507 | 392928.2 | 6.70 | 1.10
16384 | 48854.33 | 903175.4 | 52874.78 | 18.49 | 1.08
1048576 | 771.461 | 14951.24 | 840.792 | 19.38 | 1.09

-------------

PR: https://git.openjdk.org/jdk/pull/10582
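
Added example, not part of the original message or of the OpenJDK patch: a Python big-integer model of the Poly1305 recurrence, showing the algebra that lets 16 blocks be consumed per step (powers of r) and what the `(R==0 || S==0)` condition from the PR description means for the tag. Function names are hypothetical, and the AVX512 lane layout in `macroAssembler_x86_poly.cpp` is not modelled.

```python
# Added example: arbitrary-precision model of Poly1305 (RFC 8439), not OpenJDK code.
P = (1 << 130) - 5
CLAMP = 0x0ffffffc0ffffffc0ffffffc0fffffff

def split_key(key: bytes):
    """Return (r, s) from a 32-byte one-time key, with r clamped."""
    if len(key) != 32:
        raise ValueError("Poly1305 key must be 32 bytes")
    r = int.from_bytes(key[:16], "little") & CLAMP
    return r, int.from_bytes(key[16:], "little")

def is_degenerate(key: bytes) -> bool:
    """The (R == 0 || S == 0) condition raised in the PR description."""
    r, s = split_key(key)
    return r == 0 or s == 0

def blocks(msg: bytes):
    """Each 16-byte chunk as an integer, with the 0x01 byte appended."""
    return [int.from_bytes(msg[i:i + 16] + b"\x01", "little")
            for i in range(0, len(msg), 16)]

def finish(h: int, s: int) -> bytes:
    return ((h + s) % (1 << 128)).to_bytes(16, "little")

def tag_serial(key: bytes, msg: bytes) -> bytes:
    """One block per step: h = (h + m) * r mod p."""
    r, s = split_key(key)
    h = 0
    for m in blocks(msg):
        h = (h + m) * r % P
    return finish(h, s)

def tag_batched(key: bytes, msg: bytes, width: int = 16) -> bytes:
    """Consume `width` blocks per step using r^width .. r^1."""
    r, s = split_key(key)
    powers = [pow(r, width - j, P) for j in range(width)]
    bl = blocks(msg)
    full = len(bl) - len(bl) % width
    h = 0
    for i in range(0, full, width):
        group = bl[i:i + width]
        group[0] += h  # running accumulator rides on the first block
        h = sum(m * p for m, p in zip(group, powers)) % P
    for m in bl[full:]:  # leftover blocks take the serial path
        h = (h + m) * r % P
    return finish(h, s)
```

For any key and message, `tag_batched` returns the same bytes as `tag_serial`. With a key whose clamped r is 0, the accumulator stays 0 and the tag equals the s half of the key regardless of the message, which is what `is_degenerate` flags.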

