Add AVX512VL-Optimized SHA3/SHAKE Implementations (#2167)

* Add SHA3-256/384/512 and SHAKE128/256 AVX512VL implementations

Co-authored-by: Tomasz Kantecki <[email protected]>
Co-authored-by: Erdinc Ozturk <[email protected]>
Signed-off-by: Marcel Cornu <[email protected]>
Signed-off-by: Tomasz Kantecki <[email protected]>

* AVX512VL SHA3 is added as an extension of XKCP implementation

Co-authored-by: Marcel Cornu <[email protected]>
Signed-off-by: Tomasz Kantecki <[email protected]>
Signed-off-by: Marcel Cornu <[email protected]>

* Add SHA3-384 tests

Signed-off-by: Marcel Cornu <[email protected]>

* Update namespace test to include SHA3

Signed-off-by: Marcel Cornu <[email protected]>

* Release SHA3 context after triggering dispatcher

Signed-off-by: Marcel Cornu <[email protected]>

* Add linux CI for OQS_USE_SHA3_AVX512VL=OFF config

Signed-off-by: Marcel Cornu <[email protected]>

* Add AVX512 emulation to linux CI

Signed-off-by: Marcel Cornu <[email protected]>

---------

Signed-off-by: Marcel Cornu <[email protected]>
Signed-off-by: Tomasz Kantecki <[email protected]>
Co-authored-by: Tomasz Kantecki <[email protected]>
Co-authored-by: Erdinc Ozturk <[email protected]>

Author: 3 people

.CMake/alg_support.cmake

@@ -78,6 +78,13 @@ if(OQS_DIST_X86_64_BUILD OR OQS_USE_AVX2_INSTRUCTIONS)
 endif()
 endif()
 
+# SHA3 AVX512VL only supported on Linux x86_64
+if(CMAKE_SYSTEM_NAME STREQUAL "Linux" AND (OQS_DIST_X86_64_BUILD OR OQS_USE_AVX512_INSTRUCTIONS))
+    cmake_dependent_option(OQS_USE_SHA3_AVX512VL "Enable SHA3 AVX512VL usage" ON "NOT OQS_USE_SHA3_OPENSSL" OFF)
+else()
+    option(OQS_USE_SHA3_AVX512VL "Enable SHA3 AVX512VL usage" OFF)
+endif()
+
 # BIKE is not supported on Windows, 32-bit ARM, X86, S390X (big endian) and PPC64 (big endian)
 cmake_dependent_option(OQS_ENABLE_KEM_BIKE "Enable BIKE algorithm family" ON "NOT WIN32; NOT ARCH_ARM32v7; NOT ARCH_X86; NOT ARCH_S390X; NOT ARCH_PPC64" OFF)
 # BIKE doesn't work on any 32-bit platform

.github/workflows/linux.yml

@@ -112,6 +112,11 @@ jobs:
             container: openquantumsafe/ci-ubuntu-latest:latest
             CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
             PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10
+          - name: noble-no-sha3-avx512vl
+            runner: ubuntu-latest
+            container: openquantumsafe/ci-ubuntu-latest:latest
+            CMAKE_ARGS: -DOQS_USE_SHA3_AVX512VL=OFF
+            PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
     runs-on: ${{ matrix.runner }}
     container:
       image: ${{ matrix.container }}
@@ -271,3 +276,36 @@ jobs:
       - name: Build
         run: scan-build --status-bugs ninja
         working-directory: build
+
+  linux_x86_emulated:
+    runs-on: ubuntu-latest
+    container:
+      image: openquantumsafe/ci-ubuntu-latest:latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: avx512-ml-kem_ml-dsa
+            SDE_ARCH: -skx
+            CMAKE_ARGS: -DOQS_MINIMAL_BUILD="KEM_ml_kem_512;KEM_ml_kem_768;KEM_ml_kem_1024;SIG_ml_dsa_44;SIG_ml_dsa_65;SIG_ml_dsa_87"
+            PYTEST_ARGS: tests/test_hash.py::test_sha3 tests/test_kat.py tests/test_acvp_vectors.py
+    env:
+      SDE_URL: https://downloadmirror.intel.com/850782/sde-external-9.53.0-2025-03-16-lin.tar.xz
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
+      - name: Setup Intel SDE
+        run: |
+          wget -O sde.tar.xz "$SDE_URL" && \
+            mkdir sde && tar -xf sde.tar.xz -C sde --strip-components=1 && \
+            echo "$(pwd)/sde" >> $GITHUB_PATH
+      - name: Configure
+        run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
+      - name: Build
+        run: ninja
+        working-directory: build
+      - name: Run tests
+        timeout-minutes: 60
+        run: |
+          mkdir -p tmp && sde64 ${{ matrix.SDE_ARCH }} -- \
+            python3 -m pytest --verbose --numprocesses=auto ${{ matrix.PYTEST_ARGS }}

src/common/CMakeLists.txt

@@ -61,14 +61,19 @@ else()
 endif()
 
 if(${OQS_USE_SHA3_OPENSSL})
-  if (${OQS_ENABLE_SHA3_xkcp_low})
-    add_subdirectory(sha3/xkcp_low)
-  endif()
+    if (${OQS_ENABLE_SHA3_xkcp_low})
+        add_subdirectory(sha3/xkcp_low)
+    endif()
     set(SHA3_IMPL sha3/ossl_sha3.c sha3/ossl_sha3x4.c)
     set(OSSL_HELPERS ossl_helpers.c)
 else() # using XKCP
     add_subdirectory(sha3/xkcp_low)
     set(SHA3_IMPL sha3/xkcp_sha3.c sha3/xkcp_sha3x4.c)
+    if(OQS_USE_SHA3_AVX512VL)
+      # also build avx512vl modules
+      add_subdirectory(sha3/avx512vl_low)
+      list(APPEND SHA3_IMPL sha3/avx512vl_sha3.c sha3/avx512vl_sha3x4.c)
+    endif()
 endif()
 
 if ((OQS_LIBJADE_BUILD STREQUAL "ON"))
@@ -157,6 +162,11 @@ if(${OQS_ENABLE_SHA3_xkcp_low}) # using XKCP
     set(_INTERNAL_OBJS ${_INTERNAL_OBJS} ${XKCP_LOW_OBJS})
 endif()
 
+if(${OQS_USE_SHA3_AVX512VL})
+    set(_COMMON_OBJS ${_COMMON_OBJS} ${SHA3_AVX512VL_LOW_OBJS})
+    set(_INTERNAL_OBJS ${_INTERNAL_OBJS} ${SHA3_AVX512VL_LOW_OBJS})
+endif()
+
 set(_COMMON_OBJS ${_COMMON_OBJS} $<TARGET_OBJECTS:common>)
 set(COMMON_OBJS ${_COMMON_OBJS} PARENT_SCOPE)
 set(_INTERNAL_OBJS ${_INTERNAL_OBJS} $<TARGET_OBJECTS:internal>)

src/common/sha3/avx512vl_low/CMakeLists.txt

@@ -0,0 +1,14 @@
+# Copyright (c) 2025 Intel Corporation
+#
+# SPDX-License-Identifier: MIT
+
+set(_SHA3_AVX512VL_LOW_OBJS "")
+
+if(OQS_USE_SHA3_AVX512VL)
+  add_library(sha3_avx512vl_low OBJECT
+    KeccakP-1600-AVX512VL.S SHA3-AVX512VL.S KeccakP-1600-times4-AVX512VL.S SHA3-times4-AVX512VL.S)
+  set(_SHA3_AVX512VL_LOW_OBJS ${_SHA3_AVX512VL_LOW_OBJS} $<TARGET_OBJECTS:sha3_avx512vl_low>)
+endif()
+
+set(SHA3_AVX512VL_LOW_OBJS ${_SHA3_AVX512VL_LOW_OBJS} PARENT_SCOPE)
+