chacha20: add AVX-512 RNG implementation

riptl · ripatel-fd · commit 3302e43212af · 2025-08-08T00:28:37.000Z
diff --git a/src/ballet/chacha20/Local.mk b/src/ballet/chacha20/Local.mk
@@ -1,6 +1,10 @@
 $(call add-hdrs,fd_chacha20.h fd_chacha20rng.h)
 $(call add-objs,fd_chacha20rng,fd_ballet)
 
+ifdef FD_HAS_AVX512
+$(call add-objs,fd_chacha20_avx512,fd_ballet)
+endif
+
 ifdef FD_HAS_AVX
 $(call add-objs,fd_chacha20_avx,fd_ballet)
 endif
diff --git a/src/ballet/chacha20/fd_chacha20_avx.c b/src/ballet/chacha20/fd_chacha20_avx.c
@@ -9,17 +9,13 @@
 static inline __attribute__((always_inline)) wu_t
 wu_rol8( wu_t x ) {
   wb_t const mask =
-    wb( 3,0,1,2, 7,4,5,6, 11,8,9,10,  15,12,13,14,
-        3,0,1,2, 7,4,5,6, 11,8,9,10,  15,12,13,14 );
+    wb_bcast_hex( 3,0,1,2, 7,4,5,6, 11,8,9,10, 15,12,13,14 );
   return _mm256_shuffle_epi8( x, mask );
 }
 
 void
 fd_chacha20rng_refill_avx( fd_chacha20rng_t * rng ) {
 
-  /* This function should only be called if the buffer is empty. */
-  assert( rng->buf_off == rng->buf_fill );
-
   wu_t iv0  = wu_bcast( 0x61707865U );
   wu_t iv1  = wu_bcast( 0x3320646eU );
   wu_t iv2  = wu_bcast( 0x79622d32U );
@@ -105,7 +101,8 @@ fd_chacha20rng_refill_avx( fd_chacha20rng_t * rng ) {
 
   /* Update ring buffer */
 
-  uint * out = (uint *)rng->buf;
+  ulong  slot = rng->buf_fill % (8*FD_CHACHA20_BLOCK_SZ);
+  uint * out  = (uint *)rng->buf + (slot*2*FD_CHACHA20_BLOCK_SZ);
   wu_st( out+0x00, c0 ); wu_st( out+0x08, c8 );
   wu_st( out+0x10, c1 ); wu_st( out+0x18, c9 );
   wu_st( out+0x20, c2 ); wu_st( out+0x28, cA );
diff --git a/src/ballet/chacha20/fd_chacha20_avx512.c b/src/ballet/chacha20/fd_chacha20_avx512.c
@@ -0,0 +1,121 @@
+#include "fd_chacha20rng.h"
+#include "../../util/simd/fd_avx512.h"
+#include <assert.h>
+
+#define wwu_rol16(a) wwb_exch_adj_pair( (a) )
+#define wwu_rol12(a) wwu_rol( (a), 12 )
+#define wwu_rol7(a)  wwu_rol( (a),  7 )
+
+static inline __attribute__((always_inline)) wwu_t
+wwu_rol8( wwu_t x ) {
+  wwb_t const mask =
+    wwb_bcast_hex( 3,0,1,2, 7,4,5,6, 11,8,9,10, 15,12,13,14 );
+  return _mm512_shuffle_epi8( x, mask );
+}
+
+void
+fd_chacha20rng_refill_avx512( fd_chacha20rng_t * rng ) {
+
+  /* This function should only be called if the buffer is empty. */
+  if( FD_UNLIKELY( rng->buf_off != rng->buf_fill ) ) {
+    FD_LOG_CRIT(( "refill out of sync: buf_off=%lu buf_fill=%lu", rng->buf_off, rng->buf_fill ));
+  }
+
+  wwu_t iv0  = wwu_bcast( 0x61707865U );
+  wwu_t iv1  = wwu_bcast( 0x3320646eU );
+  wwu_t iv2  = wwu_bcast( 0x79622d32U );
+  wwu_t iv3  = wwu_bcast( 0x6b206574U );
+  wwu_t zero = wwu_zero();
+
+  /* Unpack key equivalent to:
+
+       c4 = wwu_bcast( (uint const *)(rng->key)[0] );
+       c5 = wwu_bcast( (uint const *)(rng->key)[1] );
+       ...
+       cB = wwu_bcast( (uint const *)(rng->key)[7] ); */
+
+  wwu_t key_lo = _mm512_broadcast_i32x4( _mm_load_epi32( rng->key    ) );  /* [0,1,2,3,0,1,2,3] */
+  wwu_t key_hi = _mm512_broadcast_i32x4( _mm_load_epi32( rng->key+16 ) );  /* [4,5,6,7,4,5,6,7] */
+  wwu_t k0 = _mm512_shuffle_epi32( key_lo, 0x00 );
+  wwu_t k1 = _mm512_shuffle_epi32( key_lo, 0x55 );
+  wwu_t k2 = _mm512_shuffle_epi32( key_lo, 0xaa );
+  wwu_t k3 = _mm512_shuffle_epi32( key_lo, 0xff );
+  wwu_t k4 = _mm512_shuffle_epi32( key_hi, 0x00 );
+  wwu_t k5 = _mm512_shuffle_epi32( key_hi, 0x55 );
+  wwu_t k6 = _mm512_shuffle_epi32( key_hi, 0xaa );
+  wwu_t k7 = _mm512_shuffle_epi32( key_hi, 0xff );
+
+  /* Derive block index */
+
+  ulong idx = rng->buf_fill / FD_CHACHA20_BLOCK_SZ;  /* really a right shift */
+  wwu_t idxs = wwu_add( wwu_bcast( idx ), wwu( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 ) );
+
+  /* Run through the round function */
+
+  wwu_t c0 = iv0;   wwu_t c1 = iv1;   wwu_t c2 = iv2;   wwu_t c3 = iv3;
+  wwu_t c4 = k0;    wwu_t c5 = k1;    wwu_t c6 = k2;    wwu_t c7 = k3;
+  wwu_t c8 = k4;    wwu_t c9 = k5;    wwu_t cA = k6;    wwu_t cB = k7;
+  wwu_t cC = idxs;  wwu_t cD = zero;  wwu_t cE = zero;  wwu_t cF = zero;
+
+# define QUARTER_ROUND(a,b,c,d)                                   \
+  do {                                                            \
+    a = wwu_add( a, b ); d = wwu_xor( d, a ); d = wwu_rol16( d ); \
+    c = wwu_add( c, d ); b = wwu_xor( b, c ); b = wwu_rol12( b ); \
+    a = wwu_add( a, b ); d = wwu_xor( d, a ); d = wwu_rol8( d );  \
+    c = wwu_add( c, d ); b = wwu_xor( b, c ); b = wwu_rol7( b );  \
+  } while(0)
+
+  for( ulong i=0UL; i<10UL; i++ ) {
+    QUARTER_ROUND( c0, c4, c8, cC );
+    QUARTER_ROUND( c1, c5, c9, cD );
+    QUARTER_ROUND( c2, c6, cA, cE );
+    QUARTER_ROUND( c3, c7, cB, cF );
+    QUARTER_ROUND( c0, c5, cA, cF );
+    QUARTER_ROUND( c1, c6, cB, cC );
+    QUARTER_ROUND( c2, c7, c8, cD );
+    QUARTER_ROUND( c3, c4, c9, cE );
+  }
+# undef QUARTER_ROUND
+
+  /* Finalize */
+
+  c0 = wwu_add( c0, iv0  );
+  c1 = wwu_add( c1, iv1  );
+  c2 = wwu_add( c2, iv2  );
+  c3 = wwu_add( c3, iv3  );
+  c4 = wwu_add( c4, k0   );
+  c5 = wwu_add( c5, k1   );
+  c6 = wwu_add( c6, k2   );
+  c7 = wwu_add( c7, k3   );
+  c8 = wwu_add( c8, k4   );
+  c9 = wwu_add( c9, k5   );
+  cA = wwu_add( cA, k6   );
+  cB = wwu_add( cB, k7   );
+  cC = wwu_add( cC, idxs );
+  //cD = wwu_add( cD, zero );
+  //cE = wwu_add( cE, zero );
+  //cF = wwu_add( cF, zero );
+
+  /* Transpose matrix to get output vector */
+
+  wwu_transpose_16x16( c0, c1, c2, c3, c4, c5, c6, c7,
+                       c8, c9, cA, cB, cC, cD, cE, cF,
+                       c0, c1, c2, c3, c4, c5, c6, c7,
+                       c8, c9, cA, cB, cC, cD, cE, cF );
+
+  /* Update ring buffer */
+
+  uint * out = (uint *)rng->buf;
+  wwu_st( out+0x00, c0 ); wwu_st( out+0x10, c1 );
+  wwu_st( out+0x20, c2 ); wwu_st( out+0x30, c3 );
+  wwu_st( out+0x40, c4 ); wwu_st( out+0x50, c5 );
+  wwu_st( out+0x60, c6 ); wwu_st( out+0x70, c7 );
+  wwu_st( out+0x80, c8 ); wwu_st( out+0x90, c9 );
+  wwu_st( out+0xa0, cA ); wwu_st( out+0xb0, cB );
+  wwu_st( out+0xc0, cC ); wwu_st( out+0xd0, cD );
+  wwu_st( out+0xe0, cE ); wwu_st( out+0xf0, cF );
+
+  /* Update ring descriptor */
+
+  rng->buf_fill += 16*FD_CHACHA20_BLOCK_SZ;
+}
diff --git a/src/ballet/chacha20/fd_chacha20rng.c b/src/ballet/chacha20/fd_chacha20rng.c
@@ -68,13 +68,6 @@ fd_chacha20rng_init( fd_chacha20rng_t * rng,
   return rng;
 }
 
-#if FD_HAS_AVX
-
-void
-fd_chacha20rng_refill_avx( fd_chacha20rng_t * rng );
-
-#else
-
 void
 fd_chacha20rng_refill_seq( fd_chacha20rng_t * rng ) {
   ulong fill_target = FD_CHACHA20RNG_BUFSZ - FD_CHACHA20_BLOCK_SZ;
@@ -90,5 +83,3 @@ fd_chacha20rng_refill_seq( fd_chacha20rng_t * rng ) {
     rng->buf_fill += (uint)FD_CHACHA20_BLOCK_SZ;
   }
 }
-
-#endif
diff --git a/src/ballet/chacha20/fd_chacha20rng.h b/src/ballet/chacha20/fd_chacha20rng.h
@@ -26,7 +26,9 @@
 /* FD_CHACHA20RNG_BUFSZ is the internal buffer size of pre-generated
    ChaCha20 blocks.  Multiple of block size (64 bytes) and a power of 2. */
 
-#if FD_HAS_AVX
+#if FD_HAS_AVX512
+#define FD_CHACHA20RNG_BUFSZ (16*FD_CHACHA20_BLOCK_SZ)
+#elif FD_HAS_AVX
 #define FD_CHACHA20RNG_BUFSZ (8*FD_CHACHA20_BLOCK_SZ)
 #else
 #define FD_CHACHA20RNG_BUFSZ (256UL)
@@ -116,15 +118,24 @@ fd_chacha20rng_t *
 fd_chacha20rng_init( fd_chacha20rng_t * rng,
                      void const *       key );
 
-/* The refill function .  Not part of the public API. */
+/* The refill function.  Not part of the public API. */
 
+#if FD_HAS_AVX512
+void
+fd_chacha20rng_refill_avx512( fd_chacha20rng_t * rng );
+#endif
+
+#if FD_HAS_AVX
 void
 fd_chacha20rng_refill_avx( fd_chacha20rng_t * rng );
+#endif
 
 void
 fd_chacha20rng_refill_seq( fd_chacha20rng_t * rng );
 
-#if FD_HAS_AVX
+#if FD_HAS_AVX512
+#define fd_chacha20rng_private_refill fd_chacha20rng_refill_avx512
+#elif FD_HAS_AVX
 #define fd_chacha20rng_private_refill fd_chacha20rng_refill_avx
 #else
 #define fd_chacha20rng_private_refill fd_chacha20rng_refill_seq
diff --git a/src/ballet/chacha20/test_chacha20rng.c b/src/ballet/chacha20/test_chacha20rng.c
@@ -50,35 +50,42 @@ main( int     argc,
     double gbps    = ((double)(8UL*sizeof(ulong)*iter)) / ((double)dt);
     double ulongps = ((double)iter / (double)dt) * 1000.0;
     double ns      = (double)dt / (double)iter;
-    FD_LOG_NOTICE(( "  ~%6.3f Gbps            / core", gbps    ));
+    FD_LOG_NOTICE(( "  ~%7.3f Gbps            / core", gbps    ));
     FD_LOG_NOTICE(( "  ~%6.3f Mulong / second / core", ulongps ));
     FD_LOG_NOTICE(( "  ~%6.3f ns / ulong",             ns      ));
   } while(0);
 
-# if FD_HAS_AVX
-  do {
-    FD_LOG_NOTICE(( "Benchmarking fd_chacha20rng_refill_avx" ));
-    key[ 0 ]++;
-    FD_TEST( fd_chacha20rng_init( rng, key ) );
-
-    /* warmup */
-    for( ulong rem=100000UL; rem; rem-- ) {
-      rng->buf_off += 8*FD_CHACHA20_BLOCK_SZ;
-      fd_chacha20rng_refill_avx( rng );
-    }
-
-    /* for real */
-    ulong iter = 1000000UL;
-    long  dt   = -fd_log_wallclock();
-    for( ulong rem=iter; rem; rem-- ) {
-      rng->buf_off += 8*FD_CHACHA20_BLOCK_SZ;
-      fd_chacha20rng_refill_avx( rng );
-    }
-    dt += fd_log_wallclock();
-    double gbps  = ((double)(8UL*8UL*FD_CHACHA20_BLOCK_SZ*iter)) / ((double)dt);
-    FD_LOG_NOTICE(( "  ~%6.3f Gbps / core", gbps    ));
+#define REFILL_TEST( name, stride )                                    \
+  do {                                                                 \
+    FD_LOG_NOTICE(( "Benchmarking " #name ));                          \
+    key[ 0 ]++;                                                        \
+    FD_TEST( fd_chacha20rng_init( rng, key ) );                        \
+                                                                       \
+    /* warmup */                                                       \
+    for( ulong rem=100000UL; rem; rem-- ) {                            \
+      rng->buf_off += (stride);                                        \
+      name( rng );                                                     \
+    }                                                                  \
+                                                                       \
+    /* for real */                                                     \
+    ulong iter = 1000000UL;                                            \
+    long  dt   = -fd_log_wallclock();                                  \
+    for( ulong rem=iter; rem; rem-- ) {                                \
+      rng->buf_off += (stride);                                        \
+      name( rng );                                                     \
+    }                                                                  \
+    dt += fd_log_wallclock();                                          \
+    double gbps = ((double)(8UL*(stride)*iter)) / ((double)dt);        \
+    FD_LOG_NOTICE(( "  ~%7.3f Gbps / core", gbps ));                   \
   } while(0);
-# endif /* FD_HAS_AVX */
+
+# if FD_HAS_AVX512
+  REFILL_TEST( fd_chacha20rng_refill_avx512, 16*FD_CHACHA20_BLOCK_SZ );
+# endif
+# if FD_HAS_AVX
+  REFILL_TEST( fd_chacha20rng_refill_avx,     8*FD_CHACHA20_BLOCK_SZ );
+# endif
+  REFILL_TEST( fd_chacha20rng_refill_seq,     1*FD_CHACHA20_BLOCK_SZ );
 
   /* Clean up */
 

Original file line number	Diff line number	Diff line change
`@@ -68,13 +68,6 @@ fd_chacha20rng_init( fd_chacha20rng_t * rng,`
`68`	`68`	`return rng;`
`69`	`69`	`}`
`70`	`70`
`71`		`-#if FD_HAS_AVX`
`72`		`-`
`73`		`-void`
`74`		`-fd_chacha20rng_refill_avx( fd_chacha20rng_t * rng );`
`75`		`-`
`76`		`-#else`
`77`		`-`
`78`	`71`	`void`
`79`	`72`	`fd_chacha20rng_refill_seq( fd_chacha20rng_t * rng ) {`
`80`	`73`	`ulong fill_target = FD_CHACHA20RNG_BUFSZ - FD_CHACHA20_BLOCK_SZ;`
`@@ -90,5 +83,3 @@ fd_chacha20rng_refill_seq( fd_chacha20rng_t * rng ) {`
`90`	`83`	`rng->buf_fill += (uint)FD_CHACHA20_BLOCK_SZ;`
`91`	`84`	`}`
`92`	`85`	`}`
`93`		`-`
`94`		`-#endif`