VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Haswell+AES (306c3); 2013 Intel Core i7-4765T; 4 x 2000MHz; prodesk, supercop-20250415

[Page version: 20250707 22:37:04]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
309123142832068
T:
jacfp127i
334923442035820
T:
kumjacfp127g
332283451635908
T:
prjfp127i
348283538435892
T:
hecfp127i
399684160443256
T:
jacfp128bk
420724255245804
T:
curve2251
448284538446148
T:
gls254
451444588847860
T:
hecfp128fkt
454924603246812
T:
prjfp128bk
453364609248312
T:
ecfp256e
460924670847128
T:
hecfp128bk
489284913249216
T:
gls254prot
477604932052696
T:
ecfp256h
484124968851384
T:
hecfp128i
494365090453500
T:
ecfp256s
528485437658156
T:
ecfp256q
625686264462700
T:
k277taa
666766780868020
T:
kummer
700207013270260
T:
k298
885568962490472
T:
gls1271
951209514895184
T:
k277mon
110944111056111176
T:
kumfp127g
144396144472145952
T:
curve25519
156940157024157112
T:
kumfp128g
167012168092168880
T:
sclaus1024
174932175092175388
T:
ed448goldilocks
210916211952213172
T:
ecfp256i
213504214372215300
T:
surf127eps
255608265572275272
T:
hector
288792288860288956
T:
nistp256
540956543320544604
T:
surf2113
836800840312842464
T:
sclaus2048
102076410215561022556
T:
ed521gs
110083611025481103876
T:
claus
120557212069961211736
T:
nist521gs
Cycles to compute a shared secret
25%50%75%system
401084019241176
T:
gls254
489364900049052
T:
gls254prot
623846247662572
T:
k277taa
675246768467920
T:
kummer
698286987669944
T:
k298
949889502895080
T:
k277mon
112576112692112824
T:
kumfp127g
113556113648113752
T:
jacfp128bk
120328120484120600
T:
kumjacfp127g
139696139840140072
T:
prjfp128bk
145960146104146296
T:
hecfp128bk
151028151176151380
T:
hecfp128fkt
155968156068157608
T:
curve25519
159160159408159612
T:
curve2251
162512162568162608
T:
kumfp128g
184732184864185036
T:
jacfp127i
194228194328194476
T:
ecfp256e
201260201376201632
T:
ecfp256q
205780205920206076
T:
ecfp256i
207236208296209464
T:
surf127eps
217648217868224396
T:
sclaus1024
215668218852219168
T:
gls1271
224800225012225300
T:
prjfp127i
229412229668229968
T:
hecfp127i
235380235532235688
T:
ecfp256h
258356258488258692
T:
ecfp256s
325616326008331020
T:
hecfp128i
534772535240543472
T:
surf2113
539300539676540780
T:
ed448goldilocks
745372746412747388
T:
nistp256
888704895296908244
T:
hector
102012010211281022404
T:
ed521gs
111382811251361126108
T:
sclaus2048
120515612058761206632
T:
nist521gs
129400812961841297584
T:
claus