VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Haswell+AES (306c3); 2013 Intel Core i7-4765T; 4 x 2000MHz; prodesk, supercop-20240909

[Page version: 20241006 02:11:52]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
307843121631768
T:
jacfp127i
307603178033440
T:
kumjacfp127g
340523453235060
T:
prjfp127i
349683556036316
T:
hecfp127i
408204236043692
T:
jacfp128bk
423884361645988
T:
curve2251
451364562446672
T:
gls254
456564637648064
T:
hecfp128i
472124776048312
T:
hecfp128fkt
463764784449176
T:
prjfp128bk
474764834448868
T:
hecfp128bk
490724915649352
T:
gls254prot
626366272062848
T:
k277taa
670326711268456
T:
kummer
700807021270680
T:
k298
883808934890120
T:
gls1271
951169517695360
T:
k277mon
110880111020111140
T:
kumfp127g
144420144472144528
T:
curve25519
156980157052157116
T:
kumfp128g
174872175100175452
T:
ed448goldilocks
217100219020221008
T:
sclaus1024
284344284884285296
T:
nistp256
543188545196548492
T:
surf2113
102434810252081026004
T:
ed521gs
111125611204881128292
T:
sclaus2048
119709611975761198772
T:
nist521gs
153294815343281539520
T:
claus
Cycles to compute a shared secret
25%50%75%system
401084042441172
T:
gls254
488684900449064
T:
gls254prot
625846266062728
T:
k277taa
670086704868352
T:
kummer
697886985269916
T:
k298
949489498095020
T:
k277mon
112620112708112936
T:
kumfp127g
113284113440116788
T:
jacfp128bk
120356120472120672
T:
kumjacfp127g
139708139876140012
T:
prjfp128bk
145760145960146112
T:
hecfp128bk
151184151332151508
T:
hecfp128fkt
155944155996156048
T:
curve25519
159948160364170900
T:
curve2251
162572162628162684
T:
kumfp128g
185264185400185576
T:
jacfp127i
212144212644219820
T:
gls1271
219888220112220720
T:
sclaus1024
225272225520225896
T:
prjfp127i
229292229480229696
T:
hecfp127i
326104326372326668
T:
hecfp128i
539336539612541444
T:
ed448goldilocks
541376544528546128
T:
surf2113
758740759052760288
T:
nistp256
960432961408961836
T:
claus
102402810245841025284
T:
ed521gs
111619611283881148140
T:
sclaus2048
119653611971801197880
T:
nist521gs