VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Core 2 65nm (6fb); 2007 Intel Core 2 Quad Q6600; 4 x 2404MHz; margaux, supercop-20240909

[Page version: 20241006 02:11:52]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
433804457445537
T:
jacfp127i
452364614947219
T:
kumjacfp127g
501185095452234
T:
prjfp127i
513515220853449
T:
hecfp127i
764477749078511
T:
jacfp128bk
891109043293035
T:
hecfp128bk
893379062892715
T:
prjfp128bk
894149083993338
T:
hecfp128i
899819131593946
T:
hecfp128fkt
125665127527128872
T:
gls1271
131788132307134402
T:
curve2251
180684180693180707
T:
kumfp127g
294818294829295527
T:
curve25519
316252316455316623
T:
kumfp128g
329540330300331297
T:
ed448goldilocks
417304417317417366
T:
kummer
423222427295430575
T:
sclaus1024
446965447222448389
T:
nistp256
770391773692775215
T:
surf2113
170696117070321708199
T:
ed521gs
214915321626952177210
T:
sclaus2048
254059925496722729457
T:
claus
Cycles to compute a shared secret
25%50%75%system
183245183256183271
T:
kumfp127g
187788188236188402
T:
kumjacfp127g
243175243332243464
T:
jacfp128bk
291951292245292516
T:
jacfp127i
294112295258295543
T:
curve25519
299527299764299885
T:
prjfp128bk
307368307521307645
T:
hecfp128bk
311659314805317841
T:
gls1271
318253318699319117
T:
hecfp128fkt
326731326741326761
T:
kumfp128g
382202382378382573
T:
prjfp127i
389510389640389811
T:
hecfp127i
409909417323418440
T:
kummer
426950428747432860
T:
sclaus1024
554720555381558223
T:
curve2251
693780693897694107
T:
hecfp128i
769522769985774610
T:
surf2113
102712310296561033496
T:
ed448goldilocks
148951215018641537925
T:
nistp256
170818417081861708862
T:
ed521gs
215852821599812185926
T:
sclaus2048
252929925429222731777
T:
claus