VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Bonnell (30661); 2011 Intel Atom D2500; 2 x 1866MHz; h8atom, supercop-20240909

[Page version: 20241006 02:11:52]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
127512128247129598
T:
jacfp127i
134141135380136542
T:
kumjacfp127g
142352143759145327
T:
prjfp127i
145292146384147539
T:
hecfp127i
216692217595219618
T:
jacfp128bk
245301246792248647
T:
prjfp128bk
246911248094249452
T:
hecfp128bk
246561248101250166
T:
hecfp128fkt
246638248633252476
T:
curve2251
249389250222251468
T:
hecfp128i
310583314405317254
T:
gls1271
540694540834545552
T:
kumfp127g
103186310325771041047
T:
kumfp128g
109597610959901096732
T:
curve25519
131145713157341325548
T:
ed448goldilocks
134903313501111354794
T:
nistp256
169887217074191713705
T:
surf2113
172846117288951735622
T:
kummer
175921217765931802143
T:
sclaus1024
705474070591717077637
T:
ed521gs
868305287586738827994
T:
sclaus2048
106055881064557210725526
T:
claus
Cycles to compute a shared secret
25%50%75%system
548142548177552825
T:
kumfp127g
552160552209557550
T:
kumjacfp127g
727083727468733278
T:
jacfp128bk
746179755076761873
T:
gls1271
860776860797861749
T:
prjfp128bk
884835887390892332
T:
hecfp128bk
919597920024927311
T:
hecfp128fkt
929474930601938924
T:
jacfp127i
101810810182551030652
T:
curve2251
105735010575111066352
T:
kumfp128g
109582210958221095892
T:
curve25519
110151311078901114295
T:
prjfp127i
113514811356381148126
T:
hecfp127i
170128717040521715406
T:
surf2113
172827917283701731660
T:
kummer
175465517757531818600
T:
sclaus1024
195169819523911968141
T:
hecfp128i
446261244755974481372
T:
ed448goldilocks
453429245463814548838
T:
nistp256
705240270586117133609
T:
ed521gs
862431587032898715777
T:
sclaus2048
106166761062894010730398
T:
claus