VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information: Introduction eBASH eBASC eBAEAD eBATS SUPERCOP XBX Computers
How to submit new software: Hash functions Stream ciphers Auth ciphers DH functions Public-key encryption Public-key signatures
List of primitives measured: SHA-3 finalists All hash functions Stream ciphers CAESAR candidates All auth ciphers DH functions Public-key encryption Public-key signatures
Measurements indexed by machine: SHA-3 finalists All hash functions Stream ciphers CAESAR candidates All auth ciphers DH functions Public-key encryption Public-key signatures

List of public-key signature systems measured

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project in ECRYPT's VAMPIRE lab to measure the performance of public-key systems. This page focuses on public-key signatures; it lists the public-key signature systems covered by VAMPIRE's benchmarking tool, SUPERCOP. The page then lists implementations of these systems.

There is a separate page that lists machines and, for each machine, the measurements of these systems.

Designers and implementors interested in submitting new signature systems and new implementations of existing signature systems should read the call for submissions.

Which signature systems are measured?

PrimitiveDescriptionDesigners
3icp 3-invertible cycle with minus and prefix Jintai Ding
Christopher Wolf
Bo-Yin Yang
bls Boneh–Lynn–Shacham: Pairing-based short signatures Michael Scott (Dublin City University)
donald512 DSA signatures using a 512-bit prime Example for eBATS
donald1024 DSA signatures using a 1024-bit prime Example for eBATS
donald2048 DSA signatures using a 2048-bit prime Example for eBATS
ecdonaldb163 ECDSA signatures using the standard NIST B-163 elliptic curve, a curve over a field of size 2^163 Example for eBATS
ecdonaldb233 ECDSA signatures using the standard NIST B-233 elliptic curve, a curve over a field of size 2^233 Example for eBATS
ecdonaldb283 ECDSA signatures using the standard NIST B-283 elliptic curve, a curve over a field of size 2^283 Example for eBATS
ecdonaldb409 ECDSA signatures using the standard NIST B-409 elliptic curve, a curve over a field of size 2^409 Example for eBATS
ecdonaldb571 ECDSA signatures using the standard NIST B-571 elliptic curve, a curve over a field of size 2^571 Example for eBATS
ecdonaldk163 ECDSA signatures using the standard NIST K-163 elliptic curve, a Koblitz curve over a field of size 2^163 Example for eBATS
ecdonaldk233 ECDSA signatures using the standard NIST K-233 elliptic curve, a Koblitz curve over a field of size 2^233 Example for eBATS
ecdonaldk283 ECDSA signatures using the standard NIST K-283 elliptic curve, a Koblitz curve over a field of size 2^283 Example for eBATS
ecdonaldk409 ECDSA signatures using the standard NIST K-409 elliptic curve, a Koblitz curve over a field of size 2^409 Example for eBATS
ecdonaldk571 ECDSA signatures using the standard NIST K-571 elliptic curve, a Koblitz curve over a field of size 2^571 Example for eBATS
ecdonaldp160 ECDSA signatures using the standard SECP160R1 elliptic curve, a curve modulo the prime 2^160-2^31-1 Example for eBATS
ecdonaldp192 ECDSA signatures using the standard NIST P-192 elliptic curve, a curve modulo the prime 2^192-2^64-1 Example for eBATS
ecdonaldp224 ECDSA signatures using the standard NIST P-224 elliptic curve, a curve modulo the prime 2^224-2^96+1 Example for eBATS
ecdonaldp256 ECDSA signatures using the standard NIST P-256 elliptic curve, a curve modulo the prime 2^256-2^224+2^192+2^96-1 Example for eBATS
ecdonaldp384 ECDSA signatures using the standard NIST P-384 elliptic curve, a curve modulo the prime 2^384-2^128-2^96+2^32-1 Example for eBATS
ecdonaldp521 ECDSA signatures using the standard NIST P-521 elliptic curve, a curve modulo the prime 2^521-1 Example for eBATS
ed25519 EdDSA signatures using Curve25519 Daniel J. Bernstein
Niels Duif
Tanja Lange
Peter Schwabe
Bo-Yin Yang
ed448goldilocks Ed448-Goldilocks sign and dh Mike Hamburg
fslwe25 A signature function based on lattices, based on "Fiat-Shamir with aborts: Applications to lattices and factoring-based signatures" at Asiacrypt'09 from Vadim Lyubashevsky.
fslwe37 A signature function based on lattices, based on "Fiat-Shamir with aborts: Applications to lattices and factoring-based signatures" at Asiacrypt'09 from Vadim Lyubashevsky.
fslwe47 A signature function based on lattices, based on "Fiat-Shamir with aborts: Applications to lattices and factoring-based signatures" at Asiacrypt'09 from Vadim Lyubashevsky.
fslwe69 A signature function based on lattices, based on "Fiat-Shamir with aborts: Applications to lattices and factoring-based signatures" at Asiacrypt'09 from Vadim Lyubashevsky.
hector Hyperelliptic Curve with Two-Rank One: Signatures using a genus-2 hyperelliptic curve of 2-rank 1 over a field of size 2^113 Peter Birkner (Technische Universiteit Eindhoven)
Peter Schwabe (Technische Universiteit Eindhoven)
lattisigns512 Tim Güneysu
Vadim Lyubashevsky
Thomas Pöppelmann
mqqsig160 mqqsig160 - 160-bit signatures based on Multivariate-Quadratic-Quasigroups Danilo Gligoroski (The Norwegian University of Science and Technology (NTNU), NORWAY)
Rune Steinsmo Ødegard (The Norwegian University of Science and Technology (NTNU), NORWAY)
Rune Erlend Jensen (The Norwegian University of Science and Technology (NTNU), NORWAY)
Ludovic Perret (Pierre and Marie Curie University - Paris, FRANCE)
Jean-Charles Fauge`re (Pierre and Marie Curie University - Paris, FRANCE)
Svein Johan Knapskog (The Norwegian University of Science and Technology (NTNU), NORWAY)
Smile Markovski (Ss Cyril and Methodius University - Skopje, MAKEDONIJA)

mqqsig192 mqqsig192 - 192-bit signatures based on Multivariate-Quadratic-Quasigroups Danilo Gligoroski (The Norwegian University of Science and Technology (NTNU), NORWAY)
Rune Steinsmo Ødegard (The Norwegian University of Science and Technology (NTNU), NORWAY)
Rune Erlend Jensen (The Norwegian University of Science and Technology (NTNU), NORWAY)
Ludovic Perret (Pierre and Marie Curie University - Paris, FRANCE)
Jean-Charles Fauge`re (Pierre and Marie Curie University - Paris, FRANCE)
Svein Johan Knapskog (The Norwegian University of Science and Technology (NTNU), NORWAY)
Smile Markovski (Ss Cyril and Methodius University - Skopje, MAKEDONIJA)

mqqsig224 mqqsig224 - 224-bit signatures based on Multivariate-Quadratic-Quasigroups Danilo Gligoroski (The Norwegian University of Science and Technology (NTNU), NORWAY)
Rune Steinsmo Ødegard (The Norwegian University of Science and Technology (NTNU), NORWAY)
Rune Erlend Jensen (The Norwegian University of Science and Technology (NTNU), NORWAY)
Ludovic Perret (Pierre and Marie Curie University - Paris, FRANCE)
Jean-Charles Fauge`re (Pierre and Marie Curie University - Paris, FRANCE)
Svein Johan Knapskog (The Norwegian University of Science and Technology (NTNU), NORWAY)
Smile Markovski (Ss Cyril and Methodius University - Skopje, MAKEDONIJA)

mqqsig256 mqqsig256 - 256-bit signatures based on Multivariate-Quadratic-Quasigroups Danilo Gligoroski (The Norwegian University of Science and Technology (NTNU), NORWAY)
Rune Steinsmo Ødegard (The Norwegian University of Science and Technology (NTNU), NORWAY)
Rune Erlend Jensen (The Norwegian University of Science and Technology (NTNU), NORWAY)
Ludovic Perret (Pierre and Marie Curie University - Paris, FRANCE)
Jean-Charles Fauge`re (Pierre and Marie Curie University - Paris, FRANCE)
Svein Johan Knapskog (The Norwegian University of Science and Technology (NTNU), NORWAY)
Smile Markovski (Ss Cyril and Methodius University - Skopje, MAKEDONIJA)

ntrumls401x Parameters N: 401, q: 2^18, p: 3. Estimated security: 112 bits Jeff Hoffstein
Jill Pipher
John M. Schanck
Joseph H. Silverman
William Whyte
ntrumls439x Parameters N: 439, q: 2^19, p: 3. Estimated security: 128 bits Jeff Hoffstein
Jill Pipher
John M. Schanck
Joseph H. Silverman
William Whyte
ntrumls593x Parameters N: 593, q: 2^19, p: 3. Estimated security: 192 bits Jeff Hoffstein
Jill Pipher
John M. Schanck
Joseph H. Silverman
William Whyte
ntrumls743x Parameters N: 743, q: 2^20, p: 3. Estimated security: 256 bits Jeff Hoffstein
Jill Pipher
John M. Schanck
Joseph H. Silverman
William Whyte
pass769
pass863
pflash1 C*- with a prefix over GF16 designed to match SFLASH Jintai Ding
Bo-Yin Yang
rainbow Rainbow multivariate-quadratic signatures Jintai Ding (University of Cincinnati)
Dieter Schmidt (University of Cincinnati)
rainbow5640 Rainbow over GF31 (31,16,20,20) Jintai Ding
Bo-Yin Yang
rainbow6440 Rainbow over GF31 (31,26,20,20) Jintai Ding
Bo-Yin Yang
rainbowbinary16242020 Rainbow over GF16 (16,24,20,20) Bo-Yin Yang
rainbowbinary256181212 Rainbow over GF256 (256,18,12,12) Bo-Yin Yang
ronald512 512-bit RSA signatures with message recovery Example for eBATS
ronald768 768-bit RSA signatures with message recovery Example for eBATS
ronald1024 1024-bit RSA signatures with message recovery Example for eBATS
ronald1536 1536-bit RSA signatures with message recovery Example for eBATS
ronald2048 2048-bit RSA signatures with message recovery Example for eBATS
ronald3072 3072-bit RSA signatures with message recovery Example for eBATS
ronald4096 4096-bit RSA signatures with message recovery Example for eBATS
rwb0fuz1024 1024-bit Rabin-Williams signatures with compression Adam Langley (Google)
sflashv2 SFLASHv2 multivariate-quadratic signatures Louis Goubin (Université de Versailles)
Nicolas Courtois (University College London)
Thomas Icart (École Polytechnique)
sphincs256 Daniel J. Bernstein1
Daira Hopwood
Andreas Hülsing
Tanja Lange
Ruben Niederhagen
Louiza Papachristodoulou
Peter Schwabe
Zooko Wilcox O'Hearn
tts6440 Rainbow over GF16 Bo-Yin Yang

Implementations

PrimitiveImplementationAuthors
3icpref Frost Yu-Shuang Li
Tien-Ren Chen
Ming-Shing Chen
blsref Michael Scott, Dublin City University
donald512openssl Daniel J. Bernstein (wrapper around OpenSSL)
donald1024openssl Daniel J. Bernstein (wrapper around OpenSSL)
donald2048cryptopp Wei Dai (wrapper around Crypto++)
donald2048openssl Daniel J. Bernstein (wrapper around OpenSSL)
ecdonaldb163openssl Daniel J. Bernstein (wrapper around OpenSSL)
ecdonaldb233openssl Daniel J. Bernstein (wrapper around OpenSSL)
ecdonaldb283openssl Daniel J. Bernstein (wrapper around OpenSSL)
ecdonaldb409openssl Daniel J. Bernstein (wrapper around OpenSSL)
ecdonaldb571openssl Daniel J. Bernstein (wrapper around OpenSSL)
ecdonaldk163openssl Daniel J. Bernstein (wrapper around OpenSSL)
ecdonaldk233openssl Daniel J. Bernstein (wrapper around OpenSSL)
ecdonaldk283openssl Daniel J. Bernstein (wrapper around OpenSSL)
ecdonaldk409openssl Daniel J. Bernstein (wrapper around OpenSSL)
ecdonaldk571openssl Daniel J. Bernstein (wrapper around OpenSSL)
ecdonaldp160openssl Daniel J. Bernstein (wrapper around OpenSSL)
ecdonaldp192openssl Daniel J. Bernstein (wrapper around OpenSSL)
ecdonaldp224openssl Daniel J. Bernstein (wrapper around OpenSSL)
ecdonaldp256openssl Daniel J. Bernstein (wrapper around OpenSSL)
ecdonaldp384openssl Daniel J. Bernstein (wrapper around OpenSSL)
ecdonaldp521openssl Daniel J. Bernstein (wrapper around OpenSSL)
ed25519amd64-51-30k Daniel J. Bernstein
Niels Duif
Tanja Lange
lead: Peter Schwabe
Bo-Yin Yang
ed25519amd64-64-24k Daniel J. Bernstein
Niels Duif
Tanja Lange
lead: Peter Schwabe
Bo-Yin Yang
ed25519ref10
ed25519ref Daniel J. Bernstein
Niels Duif
Tanja Lange
lead: Peter Schwabe
Bo-Yin Yang
ed448goldilocks32
ed448goldilocks64
ed448goldilocksamd64
ed448goldilocksarm32
ed448goldilocksneon
fslwe25ref
fslwe37ref
fslwe47ref
fslwe69ref
hectorref Peter Birkner, Technische Universiteit Eindhoven
Peter Schwabe, Technische Universiteit Eindhoven
lattisigns512avx Tim Güneysu
Tobias Oder
Thomas Pöppelmann
Peter Schwabe
mqqsig160ref Rune Erlend Jensen
Danilo Gligoroski

mqqsig192ref Rune Erlend Jensen
Danilo Gligoroski

mqqsig224ref Rune Erlend Jensen
Danilo Gligoroski

mqqsig256ref Rune Erlend Jensen
Danilo Gligoroski

ntrumls401xref John M. Schanck
ntrumls439xref John M. Schanck
ntrumls593xref John M. Schanck
ntrumls743xref John M. Schanck
pass769ref-karatsuba
pass863ref-karatsuba
pflash1ref Chia-Hsin Owen Chen
Ming-Shing Chen
rainbowref Jintai Ding, University of Cincinnati
Dieter Schmidt, University of Cincinnati
rainbow5640ref Anna Inn-Tung Chen
Tien-Ren Chen
Ming-Shing Chen
rainbow6440ref Anna Inn-Tung Chen
Tien-Ren Chen
Ming-Shing Chen
rainbowbinary16242020ref Ming-Shing Chen
rainbowbinary256181212ref Ming-Shing Chen
ronald512openssl Daniel J. Bernstein (wrapper around OpenSSL)
ronald768openssl Daniel J. Bernstein (wrapper around OpenSSL)
ronald1024openssl Daniel J. Bernstein (wrapper around OpenSSL)
ronald1536openssl Daniel J. Bernstein (wrapper around OpenSSL)
ronald2048openssl Daniel J. Bernstein (wrapper around OpenSSL)
ronald3072openssl Daniel J. Bernstein (wrapper around OpenSSL)
ronald4096openssl Daniel J. Bernstein (wrapper around OpenSSL)
rwb0fuz1024gmp Adam Langley
sflashv2ref Louis Goubin, Université de Versailles
Nicolas Courtois, University College London
Thomas Icart, École Polytechnique
sphincs256avx2 Daniel J. Bernstein1
Daira Hopwood
Andreas Hülsing
Tanja Lange
Ruben Niederhagen
Louiza Papachristodoulou
Peter Schwabe
Zooko Wilcox O'Hearn
sphincs256ref Daniel J. Bernstein1
Daira Hopwood
Andreas Hülsing
Tanja Lange
Ruben Niederhagen
Louiza Papachristodoulou
Peter Schwabe
Zooko Wilcox O'Hearn
tts6440ref Tien-Ren Chen
Ming-Shing Chen

Version

This is version 2017.02.23 of the primitives-sign.html web page. This web page is in the public domain.