VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information: Introduction eBASH eBASC eBAEAD eBATS SUPERCOP XBX Computers
How to submit new software: Hash functions Stream ciphers Auth ciphers DH functions Public-key encryption Public-key signatures
List of primitives measured: SHA-3 finalists All hash functions Stream ciphers CAESAR candidates All auth ciphers DH functions Public-key encryption Public-key signatures
Measurements indexed by machine: SHA-3 finalists All hash functions Stream ciphers CAESAR candidates All auth ciphers DH functions Public-key encryption Public-key signatures

Call for public-key encryption software for benchmarking

Are you a designer or implementor of a public-key cryptosystem? Would you like your software professionally benchmarked on many computers, producing stable, reliable, verifiable timings that reflect the performance that cryptosystem users will see? This page explains how to submit your software to the eBATS project. Formal submission requirements have been kept to a minimum, but your software needs to follow a few naming conventions so that it can be benchmarked by SUPERCOP.

There is a separate page listing the cryptosystems submitted so far, and another page reporting measurements of those cryptosystems. Note that the eBATS project also includes public-key signature systems and Diffie–Hellman systems.

Example for designers: submitting the Stinger system

Let's say you're the designer of Stinger, a cryptosystem with a 2048-bit secret key and a 512-bit public key, and you want to submit your Stinger software to eBATS. Your submission can be as simple as two files, crypto_encrypt/stinger/ref/api.h and crypto_encrypt/stinger/ref/encrypt.c. Here is an explanation of what these files contain and what additional options you have.

The top-level directory name crypto_encrypt is required; it distinguishes public-key encryption from other operations benchmarked by SUPERCOP, such as crypto_hash and crypto_sign.

The second-level directory name stinger should be a lowercase version of your system's name. Please omit dashes, dots, slashes, and other punctuation marks; the directory name should consist solely of digits (0123456789) and lowercase ASCII letters (abcdefghijklmnopqrstuvwxyz).

Different cryptosystems must be placed into different second-level directories, even if they are part of the same "family" of systems. For example, crypto_encrypt/ronald2048 is separate from crypto_encrypt/ronald4096. One submission tarball can include several cryptosystems in separate directories. Directory names may be changed by the eBATS managers to resolve conflicts or confusion.

The third-level directory name ref is up to you. Different implementations must be placed into different third-level directories. You can use subdirectories here; for example, crypto_encrypt/stinger/ref might be a reference implementation, crypto_encrypt/stinger/smith/little might be John Smith's little-endian implementation, and crypto_encrypt/stinger/smith/sse3 might be John Smith's SSE3-optimized implementation. One submission tarball can include several implementations.

After choosing the implementation name crypto_encrypt/stinger/ref, create a directory by that name. Inside the crypto_encrypt/stinger/ref directory, create a file named api.h with three lines

     #define CRYPTO_SECRETKEYBYTES 256
     #define CRYPTO_PUBLICKEYBYTES 64
     #define CRYPTO_BYTES 48
indicating that your software uses a 256-byte (2048-bit) secret key, a 64-byte (512-bit) public key, and at most 48 bytes of overhead in a encrypted message compared to the original message. You can also add a line
     #define CRYPTO_VERSION "3.01a"
indicating that this is version 3.01a of your software; SUPERCOP will report this information in its database of measurements. You can also add further lines defining macros and declaring functions with names starting crypto_encrypt_stinger_ref_.

Next, inside the crypto_encrypt/stinger/ref directory, create a file named encrypt.c that defines the following three functions:

     int crypto_encrypt_stinger_ref_keypair(
       unsigned char *pk,
       unsigned char *sk
     )
     {
       ... 
       ... the code for your Stinger implementation goes here,
       ... generating public key pk[0],pk[1],...
       ... and secret key sk[0],sk[1],...
       ...
       return 0;
     }
     
     int crypto_encrypt_stinger_ref(
       unsigned char *c,unsigned long long *clen,
       const unsigned char *m,unsigned long long mlen,
       const unsigned char *pk
     )
     {
       ... 
       ... the code for your Stinger implementation goes here,
       ... generating a ciphertext c[0],c[1],...,c[*clen-1]
       ... from a plaintext m[0],m[1],...,m[mlen-1]
       ... using public key pk[0],pk[1],...
       ...
       return 0;
     }

     int crypto_encrypt_stinger_ref_open(
       unsigned char *m,unsigned long long *mlen,
       const unsigned char *c,unsigned long long clen,
       const unsigned char *sk
     )
     {
       ... 
       ... the code for your Stinger implementation goes here,
       ... decrypting a ciphertxt c[0],c[1],...,c[clen-1]
       ... under secret key sk[0],sk[1],...
       ... and producing plaintext m[0],m[1],...,m[*mlen-1]
       ...
       return 0;
     }
Your functions must have exactly the prototypes shown here. For example, the keypair function must have an unsigned char pointer for the public-key output and then an unsigned char pointer for the secret-key output. Your functions must return 0 to indicate success, -1 to indicate invalid ciphertexts, or other negative numbers to indicate other failures (e.g., out of memory).

You can instead define your functions as follows:

     #include "crypto_encrypt.h"

     int crypto_encrypt_keypair(
       unsigned char *pk,
       unsigned char *sk
     )
     {
       ... 
     }

     int crypto_encrypt(
       unsigned char *c,unsigned long long *clen,
       const unsigned char *m,unsigned long long mlen,
       const unsigned char *pk
     )
     {
       ...
     }

     int crypto_encrypt_open(
       unsigned char *m,unsigned long long *mlen,
       const unsigned char *c,unsigned long long clen,
       const unsigned char *sk
     )
     {
       ...
     }
The file crypto_encrypt.h is not something for you to write; it is created automatically by SUPERCOP. It contains various macros such as
     #define crypto_encrypt crypto_encrypt_stinger_ref
     #define crypto_encrypt_open crypto_encrypt_stinger_ref_open
     #define crypto_encrypt_keypair crypto_encrypt_stinger_ref_keypair
     #define crypto_encrypt_SECRETKEYBYTES crypto_encrypt_stinger_ref_SECRETKEYBYTES
     #define crypto_encrypt_PUBLICKEYBYTES crypto_encrypt_stinger_ref_PUBLICKEYBYTES
     #define crypto_encrypt_BYTES crypto_encrypt_stinger_ref_BYTES
and a function declaration that will catch errors in the prototypes of crypto_encrypt etc.

You can use names other than encrypt.c. You can split your code across several files *.c defining various auxiliary functions; the files will be automatically compiled together. Instead of encrypt.c you can write encrypt.cc or encrypt.cpp in C++ or encrypt.s or encrypt.S in assembly language. Your implementation is allowed to be unportable; if it doesn't compile on a particular computer, SUPERCOP will skip it and select a different implementation for that computer.

Finally, create a tarball such as stinger-ref-3.01a.tar.gz that contains your crypto_encrypt/stinger/ref/api.h, crypto_encrypt/stinger/ref/encrypt.c, etc. Put the tarball on the web, and send the URL to the eBACS/eBATS/eBASC/eBASH mailing list with a note requesting inclusion in SUPERCOP and subsequent benchmarking.

Example for implementors: submitting a new McEliece implementation

Submitting a new implementation of an existing encryption system is just like submitting a new encryption system. You simply have to put the new implementation into a new third-level directory under the same second-level directory.

For example, SUPERCOP already includes crypto_encrypt/mceliece/ref, an implementation of a particular variant of the McEliece cryptosystem. You can submit another implementation such as crypto_encrypt/mceliece/smith/sse3 in the same way that the designer of Stinger can submit crypto_encrypt/stinger/ref; by using the existing name mceliece you indicate that your software implements exactly the same cryptosystem.

Additional documentation

Submitters are encouraged to include additional files such as README or documentation.pdf with references, intellectual-property information, descriptions of the software, etc. These files do not interact with SUPERCOP's benchmarking but are often of interest for human readers.

In particular, submitters are encouraged to clearly specify one of the following levels of copyright protection:

Submitters are also encouraged to clearly specify one of the following levels of patent protection: No matter what the copyright status is, and no matter what the patent status is, all software included in SUPERCOP will be distributed to the public to ensure verifiability of benchmark results. The submitter must ensure before submission that publication is legal.

Version

This is version 2010.09.04 of the call-encrypt.html web page. This web page is in the public domain.