eBACS: ECRYPT Benchmarking of Cryptographic Systems

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project in ECRYPT's VAMPIRE lab to measure the performance of public-key systems. This page lists the public-key Diffie–Hellman secret-sharing systems covered by VAMPIRE's benchmarking tool, SUPERCOP. The page then lists implementations of these systems.

There is a separate page that lists machines and, for each machine, the measurements of these systems.

Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.

Which Diffie–Hellman systems are measured?

Primitive	Description	Designers
`claus`	Classic Diffie–Hellman secret sharing modulo a 1024-bit prime	Example for eBATS
`curve2251`	Elliptic-curve Diffie–Hellman secret sharing using a curve over a field with 2^251 elements	Pierrick Gaudry (Laboratoire Lorrain de Recherche en Informatique et ses Applications) Emmanuel Thomé (Laboratoire Lorrain de Recherche en Informatique et ses Applications)
`curve25519`	Elliptic-curve Diffie–Hellman secret sharing using the curve y^2=x^3+486662x^2+x modulo 2^255-19	Daniel J. Bernstein
`ecfp256e`	Elliptic-curve Diffie–Hellman secret sharing using the twisted Edwards curve -x^2+y^2=1+dx^2y^2 modulo 2^256-587, where d= 59702978421801250797625733354188749104239349061620892363256064453045589344976	Huseyin Hisil
`ecfp256h`	Elliptic-curve Diffie–Hellman secret sharing using the Hessian curve x^3+y^3+1=53010xy modulo 2^256-587	Huseyin Hisil
`ecfp256i`	Elliptic-curve Diffie–Hellman secret sharing using the Jacobi intersection s^2+c^2=1, 3764s^2+d^2=1 modulo 2^256-587	Huseyin Hisil
`ecfp256q`	Elliptic-curve Diffie–Hellman secret sharing using the twisted Jacobi quartic curve y^2=11x^4-x^2+1 modulo 2^256-587	Huseyin Hisil
`ecfp256s`	Elliptic-curve Diffie–Hellman secret sharing using the short Weierstrass curve y^2=x^3-3x+11 modulo 2^256-587	Huseyin Hisil
`gls1271`	Galbraith, Lin, Scott: Elliptic-curve Diffie–Hellman secret sharing using (in ref3) a twist of the curve y^2=x^3-3x+44 over a field with (2^127-1)^2 elements; or (in ref4) a twist of the Edwards curve x^2+y^2=x^2y^2+42 over a field with (2^127-1)^2 elements	Michael Scott
`hector`	Hyperelliptic Curve with Two-Rank One: Diffie–Hellman secret sharing using a genus-2 hyperelliptic curve of 2-rank 1 over a field of size 2^113	Peter Birkner (Technische Universiteit Eindhoven) Peter Schwabe (Technische Universiteit Eindhoven)
`nistp256`	Elliptic-curve Diffie–Hellman secret sharing using the standard NIST P-256 elliptic curve, a curve modulo the prime 2^256-2^224+2^192+2^96-1	Yassir Nawaz (University of Waterloo) Guang Gong (University of Waterloo)
`sclaus1024`	Variant of CLAUS, using 160-bit exponents and 1024-bit modulus	Wei Dai
`sclaus2048`	Variant of CLAUS, using 224-bit exponents and 2048-bit modulus	Wei Dai
`surf2113`	Hyperelliptic-curve Diffie–Hellman secret sharing using a genus-2 curve over a field with 2^113 elements	Pierrick Gaudry (Laboratoire Lorrain de Recherche en Informatique et ses Applications) Emmanuel Thomé (Laboratoire Lorrain de Recherche en Informatique et ses Applications)
`surf127eps`	Hyperelliptic-curve Diffie–Hellman secret sharing using a genus-2 curve with complex multiplication by Q(i sqrt(5+sqrt(53))) modulo the prime 2^127-735	Pierrick Gaudry (Laboratoire Lorrain de Recherche en Informatique et ses Applications) Thomas Houtmann (École Polytechnique) Emmanuel Thomé (École Polytechnique)

Implementations

Primitive	Implementation	Authors
`claus`	`cryptopp`	Wei Dai (wrapper around Crypto++)
`claus`	`gmp`	Daniel J. Bernstein (wrapper around GMP)
`claus`	`ntl`	Daniel J. Bernstein (wrapper around NTL)
`claus`	`openssl`	Daniel J. Bernstein (wrapper around OpenSSL)
`curve2251`	`mpfq`	Pierrick Gaudry, Laboratoire Lorrain de Recherche en Informatique et ses Applications Emmanuel Thomé, Laboratoire Lorrain de Recherche en Informatique et ses Applications
`curve2251`	`relic/amd64-avx`	Diego de Freitas Aranha, Institute of Computing, University of Campinas, Brazil Jonathan Taverne, Université de Lyon, Université Lyon1, ISFA, France Armando Faz-Hernández, Computer Science Department, CINVESTAV-IPN, Mexico Francisco Rodríguez-Henríquez, Computer Science Department, CINVESTAV-IPN, Mexico Darrel Hankerson, Auburn University, USA Julio López, Institute of Computing, University of Campinas, Brazil
`curve2251`	`relic/amd64-clmul`	Diego de Freitas Aranha, Institute of Computing, University of Campinas, Brazil Jonathan Taverne, Université de Lyon, Université Lyon1, ISFA, France Armando Faz-Hernández, Computer Science Department, CINVESTAV-IPN, Mexico Francisco Rodríguez-Henríquez, Computer Science Department, CINVESTAV-IPN, Mexico Darrel Hankerson, Auburn University, USA Julio López, Institute of Computing, University of Campinas, Brazil
`curve2251`	`relic/amd64-ssse3`	Diego de Freitas Aranha, Institute of Computing, University of Campinas, Brazil Julio López, Institute of Computing, University of Campinas, Brazil Darrel Hankerson, Auburn University, USA
`curve25519`	`mpfq`	Pierrick Gaudry, Laboratoire Lorrain de Recherche en Informatique et ses Applications Emmanuel Thomé, Laboratoire Lorrain de Recherche en Informatique et ses Applications
`curve25519`	`ref`	Daniel J. Bernstein (wrapper around crypto_scalarmult/curve25519)
`ecfp256e`	`v01/var`	Huseyin Hisil
`ecfp256e`	`v01/w8s1`	Huseyin Hisil
`ecfp256e`	`v01/w8s2`	Huseyin Hisil
`ecfp256e`	`v01/w8s4`	Huseyin Hisil
`ecfp256e`	`v01/w8s8`	Huseyin Hisil
`ecfp256h`	`v01/var`	Huseyin Hisil
`ecfp256h`	`v01/w8s1`	Huseyin Hisil
`ecfp256h`	`v01/w8s2`	Huseyin Hisil
`ecfp256h`	`v01/w8s4`	Huseyin Hisil
`ecfp256h`	`v01/w8s8`	Huseyin Hisil
`ecfp256i`	`v01/var`	Huseyin Hisil
`ecfp256i`	`v01/w8s1`	Huseyin Hisil
`ecfp256i`	`v01/w8s2`	Huseyin Hisil
`ecfp256i`	`v01/w8s4`	Huseyin Hisil
`ecfp256i`	`v01/w8s8`	Huseyin Hisil
`ecfp256q`	`v01/var`	Huseyin Hisil
`ecfp256q`	`v01/w8s1`	Huseyin Hisil
`ecfp256q`	`v01/w8s2`	Huseyin Hisil
`ecfp256q`	`v01/w8s4`	Huseyin Hisil
`ecfp256q`	`v01/w8s8`	Huseyin Hisil
`ecfp256s`	`v01/var`	Huseyin Hisil
`ecfp256s`	`v01/w8s1`	Huseyin Hisil
`ecfp256s`	`v01/w8s2`	Huseyin Hisil
`ecfp256s`	`v01/w8s4`	Huseyin Hisil
`ecfp256s`	`v01/w8s8`	Huseyin Hisil
`gls1271`	`ref4`	Michael Scott, Dublin City University
`hector`	`ref`	Peter Birkner, Technische Universiteit Eindhoven Peter Schwabe, Technische Universiteit Eindhoven
`nistp256`	`nawaz`	Yassir Nawaz, University of Waterloo Guang Gong, University of Waterloo
`sclaus1024`	`cryptopp`	Wei Dai (wrapper around Crypto++)
`sclaus1024`	`gmp`	Wei Dai (wrapper around GMP)
`sclaus2048`	`cryptopp`	Wei Dai (wrapper around Crypto++)
`sclaus2048`	`gmp`	Wei Dai (wrapper around GMP)
`surf2113`	`mpfq`	Pierrick Gaudry, Laboratoire Lorrain de Recherche en Informatique et ses Applications Emmanuel Thomé, Laboratoire Lorrain de Recherche en Informatique et ses Applications
`surf127eps`	`mpfq`	Pierrick Gaudry, Laboratoire Lorrain de Recherche en Informatique et ses Applications Thomas Houtmann, École Polytechnique Emmanuel Thomé, École Polytechnique

scalarmult implementations

It is recommended for crypto_dh implementors to build crypto_dh on top of crypto_scalarmult. Here is a list of crypto_scalarmult implementations.

Primitive	Implementation	Authors
`curve25519`	`amd64-51`	Daniel J. Bernstein Niels Duif Tanja Lange lead: Peter Schwabe Bo-Yin Yang
`curve25519`	`amd64-64`	Daniel J. Bernstein Niels Duif Tanja Lange lead: Peter Schwabe Bo-Yin Yang
`curve25519`	`athlon`	Daniel J. Bernstein
`curve25519`	`costigan-schwabe/cbe`	Neil Costigan (Dublin City University) Peter Schwabe (Technische Universiteit Eindhoven)
`curve25519`	`donna`	Adam Langley (Google)
`curve25519`	`donna_c64`	Adam Langley (Google)
`curve25519`	`ref10`	D. J. Bernstein
`curve25519`	`ref`	Matthew Dempsky (Mochi Media)

Version

This is version 2012.02.21 of the primitives-dh.html web page. This web page is in the public domain.