VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Comet Lake (806ec); 2019 Intel Core i3-10110U; 2 x 2100MHz; know, supercop-20240909

[Page version: 20241006 02:11:52]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
227012337224466
T:
jacfp127i
231802395824828
T:
kumjacfp127g
264252728528219
T:
prjfp127i
264842731028321
T:
hecfp127i
299863054931742
T:
jacfp128bk
366163683537156
T:
gls254
365083728238045
T:
prjfp128bk
382933875939440
T:
curve2251
387513898339037
T:
gls254prot
385193910039796
T:
hecfp128i
385983932840057
T:
hecfp128fkt
387663988340971
T:
hecfp128bk
45966?46293?62270?
T:
k277taa
525405266652902
T:
k298
528905300053797
T:
kummer
718607191072037
T:
k277mon
714077215273024
T:
gls1271
802938037581069
T:
kumfp127g
113308113369113473
T:
kumfp128g
126420126815127840
T:
curve25519
153826154139154435
T:
ed448goldilocks
176411178262179661
T:
sclaus1024
239691240235241190
T:
nistp256
517940520654522126
T:
surf2113
810824811909814052
T:
ed521gs
896953903885910477
T:
sclaus2048
945401947018949576
T:
nist521gs
9895109985071040282
T:
claus
Cycles to compute a shared secret
25%50%75%system
358433601236112
T:
gls254
388753892538965
T:
gls254prot
457344609746152
T:
k277taa
523485240852501
T:
k298
527655484556021
T:
kummer
717777182571992
T:
k277mon
813488169282051
T:
kumfp127g
836458370683789
T:
kumjacfp127g
885118955689740
T:
jacfp128bk
109103109474110710
T:
prjfp128bk
114414114662114867
T:
hecfp128bk
117700117770117886
T:
kumfp128g
118401118528118680
T:
hecfp128fkt
124637125926126098
T:
jacfp127i
135619136046136512
T:
curve25519
144062144171144281
T:
curve2251
166702166892167106
T:
prjfp127i
169328169466169617
T:
hecfp127i
178635179726181532
T:
gls1271
180055180516180864
T:
sclaus1024
252116256645257295
T:
hecfp128i
466273466782467352
T:
ed448goldilocks
509907512369514409
T:
surf2113
616539616930618137
T:
nistp256
810910812498814132
T:
ed521gs
906614909095912861
T:
sclaus2048
944480946260949083
T:
nist521gs
988329990398995036
T:
claus