VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Core 2 65nm (6fb); 2007 Intel Core 2 Duo T7300; 2 x 2000MHz; trident, supercop-20240909

[Page version: 20241006 02:11:52]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: old (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
406464118241991
T:
jacfp127i
425314300243658
T:
kumjacfp127g
469054742847979
T:
prjfp127i
484494900549593
T:
hecfp127i
734347388374471
T:
jacfp128bk
863358714388291
T:
hecfp128bk
865268731288270
T:
prjfp128bk
870468785689067
T:
hecfp128fkt
871638818889343
T:
hecfp128i
126831128544129874
T:
gls1271
132790134326135610
T:
curve2251
179141179228179334
T:
kumfp127g
292827294267295408
T:
curve25519
314628314882315300
T:
kumfp128g
330478331239333568
T:
ed448goldilocks
416516418114418297
T:
kummer
423010426195431159
T:
sclaus1024
501816502448503584
T:
nistp256
775398779235782494
T:
surf2113
165727516579441660953
T:
ed521gs
191204319144961916744
T:
nist521gs
214938121672052184192
T:
sclaus2048
254279225482972554961
T:
claus
Cycles to compute a shared secret
25%50%75%system
183450183534183656
T:
kumfp127g
187606187812188203
T:
kumjacfp127g
241870242024242355
T:
jacfp128bk
291404291648292082
T:
jacfp127i
293042294615295285
T:
curve25519
300332300512300902
T:
prjfp128bk
307276307444307916
T:
hecfp128bk
318265318540319137
T:
hecfp128fkt
311723321884328632
T:
gls1271
327052327287327536
T:
kumfp128g
380234380419380954
T:
prjfp127i
388542388780389186
T:
hecfp127i
415134417559418814
T:
kummer
424471431570436702
T:
sclaus1024
549295550927553964
T:
curve2251
694270695003695983
T:
hecfp128i
768423774105775793
T:
surf2113
103325210349471037847
T:
ed448goldilocks
116941411714271172835
T:
nistp256
165785716589281660179
T:
ed521gs
191164919139291916416
T:
nist521gs
216940721834162203569
T:
sclaus2048
254028225429532547679
T:
claus