VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Core 2 65nm (6fb); 2007 Intel Core 2 Quad Q6600; 4 x 2404MHz; margaux, supercop-20241022

[Page version: 20241215 22:59:13]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
435384456546029
T:
jacfp127i
455764672647761
T:
kumjacfp127g
501945130752465
T:
prjfp127i
514625239453594
T:
hecfp127i
764937772978604
T:
jacfp128bk
895069091892948
T:
prjfp128bk
894329099493545
T:
hecfp128i
899129128994032
T:
hecfp128fkt
899819147993803
T:
hecfp128bk
125665127527128872
T:
gls1271
130814131371133766
T:
curve2251
180689180733181772
T:
kumfp127g
294818294829295527
T:
curve25519
316269316431316616
T:
kumfp128g
329540330300331297
T:
ed448goldilocks
395104400704413439
T:
hector
414195416309418661
T:
surf127eps
417298417358418477
T:
kummer
423222427295430575
T:
sclaus1024
449152456489458924
T:
nistp256
770391773692775215
T:
surf2113
170696117070321708199
T:
ed521gs
214915321626952177210
T:
sclaus2048
254059925496722729457
T:
claus
Cycles to compute a shared secret
25%50%75%system
183224183249183274
T:
kumfp127g
188074188098188136
T:
kumjacfp127g
243251243357243459
T:
jacfp128bk
292146292453292587
T:
jacfp127i
294112295258295543
T:
curve25519
299536299596299783
T:
prjfp128bk
307719307799307935
T:
hecfp128bk
311659314805317841
T:
gls1271
318716318875319053
T:
hecfp128fkt
326715326733326743
T:
kumfp128g
381141381319381411
T:
prjfp127i
389555389748389893
T:
hecfp127i
412918414511416340
T:
surf127eps
417241417334417508
T:
kummer
426950428747432860
T:
sclaus1024
553140555257557564
T:
curve2251
693950694406694541
T:
hecfp128i
769522769985774610
T:
surf2113
102712310296561033496
T:
ed448goldilocks
130326613579021363041
T:
hector
149695515017871506587
T:
nistp256
170818417081861708862
T:
ed521gs
215852821599812185926
T:
sclaus2048
252929925429222731777
T:
claus