VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Golden Cove (906a4-40); 2022 Intel Core i3-1215U, P cores; 2 x 1600MHz; alder2,1f626960,5600000, supercop-20240909

[Page version: 20241006 02:11:52]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
169791768518567
T:
jacfp127i
178151835619825
T:
prjfp127i
183261884820032
T:
hecfp127i
181341897520072
T:
kumjacfp127g
229632363324350
T:
jacfp128bk
264842725528469
T:
hecfp128bk
267262749228491
T:
prjfp128bk
268652768428625
T:
hecfp128i
272002793228957
T:
hecfp128fkt
296022981030080
T:
gls254
310563111531172
T:
gls254prot
335813368533876
T:
curve2251
383043834638398
T:
k277taa
422404231342420
T:
k298
500445062051164
T:
gls1271
522895234052384
T:
kummer
606066067960764
T:
k277mon
637866402164327
T:
kumfp127g
802708057980880
T:
kumfp128g
105994106653107782
T:
curve25519
139651140060141012
T:
ed448goldilocks
177084177982179536
T:
nistp256
182115183789185622
T:
sclaus1024
597723603129611078
T:
ed521gs
772969777528780654
T:
nist521gs
922875923553924278
T:
claus
935145941837948556
T:
sclaus2048
Cycles to compute a shared secret
25%50%75%system
290262907429132
T:
gls254
309073094531004
T:
gls254prot
381813822238269
T:
k277taa
420704211542181
T:
k298
522065226652332
T:
kummer
605316059860649
T:
k277mon
656506583866042
T:
kumfp127g
663586648566645
T:
jacfp128bk
665276672267487
T:
kumjacfp127g
760097616976333
T:
prjfp128bk
775337774778040
T:
hecfp128bk
803308059480785
T:
hecfp128fkt
845968501985371
T:
kumfp128g
101226101338104823
T:
jacfp127i
105906106209106555
T:
curve25519
119474119982121461
T:
prjfp127i
120593120735121155
T:
hecfp127i
122064122891126211
T:
gls1271
130563133976134288
T:
curve2251
169079169359169831
T:
hecfp128i
190674191398193358
T:
sclaus1024
408584409179409875
T:
ed448goldilocks
436277437514439074
T:
nistp256
595066599094604905
T:
ed521gs
769600773943779545
T:
nist521gs
920903921782922845
T:
claus
951718960575964276
T:
sclaus2048