VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Ivy Bridge+AES (306a9); 2012 Intel Xeon E3-1275 V2; 4 x 3500MHz; hydra8, supercop-20240909

[Page version: 20241001 17:31:03]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
307553147633967
T:
kumjacfp127g
314713294434710
T:
jacfp127i
366473820041491
T:
prjfp127i
376513951942958
T:
hecfp127i
435924496246487
T:
jacfp128bk
514705257654920
T:
hecfp128fkt
518485289555832
T:
hecfp128bk
510355297456390
T:
prjfp128bk
523785331854328
T:
hecfp128i
575935877461688
T:
curve2251
734147469775731
T:
gls254
887008872588760
T:
kummer
947789588396649
T:
gls1271
120072120116120184
T:
kumfp127g
120421120451120975
T:
gls254prot
145484145554149576
T:
curve25519
165175165314165426
T:
kumfp128g
172637172684172778
T:
k277taa
180894181036181341
T:
k298
208141208368208691
T:
ed448goldilocks
256181256187256224
T:
k277mon
267361269623272335
T:
sclaus1024
310470310623310827
T:
nistp256
595391597883599299
T:
surf2113
111159911121931113107
T:
ed521gs
136516813780181401986
T:
sclaus2048
160221216115211634236
T:
claus
Cycles to compute a shared secret
25%50%75%system
675426923971241
T:
gls254
884948852088554
T:
kummer
120289120434120626
T:
gls254prot
121802121859121917
T:
kumfp127g
124513124593124705
T:
jacfp128bk
125986126049126147
T:
kumjacfp127g
157059157195157382
T:
prjfp128bk
157293157349160273
T:
curve25519
161617161777161949
T:
hecfp128bk
167500167624167787
T:
hecfp128fkt
170927171177171462
T:
kumfp128g
172434172491172550
T:
k277taa
180595180687180810
T:
k298
191005192122193945
T:
jacfp127i
225244225735229616
T:
curve2251
237566238361242569
T:
gls1271
238601238861239183
T:
prjfp127i
245249245595246027
T:
hecfp127i
256095256102256151
T:
k277mon
267743271307278921
T:
sclaus1024
364715365025365400
T:
hecfp128i
587269596770597997
T:
surf2113
629856630027630216
T:
ed448goldilocks
106317510641021065304
T:
nistp256
112312611241521125215
T:
ed521gs
136082413800401382383
T:
sclaus2048
160763916116681633559
T:
claus