VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Bonnell (30661); 2011 Intel Atom D2500; 2 x 1866MHz; h8atom, supercop-20250307

[Page version: 20250425 10:21:13]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
128079129206130592
T:
jacfp127i
135646136759138166
T:
kumjacfp127g
141295142261143304
T:
prjfp127i
143871145047146321
T:
hecfp127i
217126218561220080
T:
jacfp128bk
233016235753238651
T:
ecfp256e
246001248367250495
T:
prjfp128bk
247163249221252686
T:
curve2251
247527249599251930
T:
hecfp128bk
248220249613251580
T:
hecfp128fkt
248535250642252742
T:
hecfp128i
251972255479258034
T:
ecfp256s
259147261359264824
T:
ecfp256h
260617264285267883
T:
ecfp256q
317443320271323309
T:
gls1271
540925545188546714
T:
kumfp127g
772625784238819343
T:
hector
103330510397591042461
T:
kumfp128g
109596210959761096935
T:
curve25519
111988811240951127994
T:
surf127eps
113080811389001149624
T:
ecfp256i
130460413113661321488
T:
ed448goldilocks
133476713447351352211
T:
sclaus1024
134977513504961366330
T:
nistp256
170555017149721732682
T:
surf2113
174067617550471762236
T:
kummer
672163867615946810335
T:
sclaus2048
706906271369627174566
T:
ed521gs
847566385542318595594
T:
nist521gs
892167590065929047479
T:
claus
Cycles to compute a shared secret
25%50%75%system
550396552937554680
T:
kumfp127g
552160556661558348
T:
kumjacfp127g
728455732592733880
T:
jacfp128bk
762300789026790762
T:
gls1271
865452867685869449
T:
prjfp128bk
884856887677892864
T:
hecfp128bk
920136923034928508
T:
hecfp128fkt
931448937636939939
T:
jacfp127i
102043910237501033683
T:
curve2251
106558210656871073401
T:
ecfp256e
106397210665691067689
T:
kumfp128g
109582210958221095850
T:
curve25519
111126411136301115128
T:
prjfp127i
111200611160171121498
T:
ecfp256q
111651411203781121666
T:
surf127eps
113336311385711143415
T:
ecfp256i
114445811476221149848
T:
hecfp127i
132322413310641335586
T:
ecfp256s
141134014114941421924
T:
ecfp256h
171590317248001733963
T:
surf2113
175038517548231766821
T:
sclaus1024
174533117558241762712
T:
kummer
195317519653621973314
T:
hecfp128i
275572527890662821266
T:
hector
450962445291544581199
T:
ed448goldilocks
453773645505184582417
T:
nistp256
709037071390907169001
T:
ed521gs
849198085589358604428
T:
nist521gs
879657188651648901144
T:
sclaus2048
105558391068492610746456
T:
claus