VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Kaby Lake (906e9); 2017 Intel Xeon E3-1220 v6; 4 x 3000MHz; kizomba, supercop-20240909

[Page version: 20241006 02:11:52]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
228542411526307
T:
jacfp127i
225072439526334
T:
kumjacfp127g
251352606529936
T:
hecfp127i
243892608729274
T:
prjfp127i
314063225433956
T:
jacfp128bk
362783719039311
T:
prjfp128bk
368633726840973
T:
gls254
366943845340957
T:
hecfp128fkt
375003860340976
T:
hecfp128i
382503870842913
T:
curve2251
387343880242032
T:
gls254prot
385083994143159
T:
hecfp128bk
457404579351976
T:
k277taa
503795062157068
T:
k298
538635415359086
T:
kummer
695527057572369
T:
gls1271
709727105677333
T:
k277mon
795717972389545
T:
kumfp127g
111178114403121028
T:
kumfp128g
125338125689135889
T:
curve25519
153043153629165768
T:
ed448goldilocks
177288181776196724
T:
sclaus1024
263311270074289205
T:
nistp256
522418539823555996
T:
surf2113
848843861318884129
T:
ed521gs
912034934283979669
T:
sclaus2048
106517110795591114129
T:
claus
Cycles to compute a shared secret
25%50%75%system
356683573239415
T:
gls254
384783853741750
T:
gls254prot
454424548048824
T:
k277taa
499375005953936
T:
k298
526335389156020
T:
kummer
708297094877272
T:
k277mon
810048113587871
T:
kumfp127g
829508310392593
T:
kumjacfp127g
883978858097633
T:
jacfp128bk
108839109274118732
T:
prjfp128bk
112392115707124308
T:
hecfp128bk
116246116492125857
T:
hecfp128fkt
115447118473128577
T:
kumfp128g
124606124982131649
T:
jacfp127i
135520135945148744
T:
curve25519
144170144494151544
T:
curve2251
165383171808178858
T:
prjfp127i
167409174065187595
T:
hecfp127i
173805178420188659
T:
gls1271
177630184038196867
T:
sclaus1024
248851255113269609
T:
hecfp128i
471294481319500704
T:
ed448goldilocks
516705534970553873
T:
surf2113
848468862816885391
T:
ed521gs
920226934208964371
T:
nistp256
926228945561973281
T:
sclaus2048
107126610847221117873
T:
claus