VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information: Introduction eBASH eBASC eBAEAD eBATS SUPERCOP XBX Computers
How to submit new software: Tips hash stream aead dh kem encrypt sign
List of primitives measured: lwc sha3 hash stream lwc caesar aead dh kem encrypt sign
Measurements indexed by machine: lwc sha3 hash stream lwc caesar aead dh kem encrypt sign
List of subroutines: verify decode encode sort core hashblocks scalarmult

List of public-key cryptosystems measured

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page focuses on public-key encryption; it lists the public-key cryptosystems covered by SUPERCOP. The page then lists implementations of these systems.

There is a separate page that lists machines and, for each machine, the measurements of these systems.

Designers and implementors interested in submitting new public-key cryptosystems and new implementations of existing cryptosystems should read the call for submissions.

Which public-key cryptosystems are measured?

PrimitiveDescriptionDesigners
3hfe 3-variable multivariate hidden field equations with a prefix Jintai Ding
Bo-Yin Yang
4hfe 4-variable multivariate hidden field equations with a prefix Jintai Ding
Bo-Yin Yang
cargocult2048 Based on rsa2048 but sends along a random 12-byte nonce for AES-256-GCM instead of using nonce 0.
ledapkc1264 LEDAcrypt-PKC cat=1 n0=2 dfr=64 (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
ledapkc1364 LEDAcrypt-PKC cat=1 n0=3 dfr=64 (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
ledapkc1464 LEDAcrypt-PKC cat=1 n0=4 dfr=64 (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
ledapkc3264 LEDAcrypt-PKC cat=3 n0=2 dfr=64 (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
ledapkc3364 LEDAcrypt-PKC cat=3 n0=3 dfr=64 (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
ledapkc3464 LEDAcrypt-PKC cat=3 n0=4 dfr=64 (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
ledapkc5264 LEDAcrypt-PKC cat=5 n0=2 dfr=64 (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
ledapkc5364 LEDAcrypt-PKC cat=5 n0=3 dfr=64 (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
ledapkc5464 LEDAcrypt-PKC cat=5 n0=4 dfr=64 (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
ledapkc12sl LEDAcrypt-PKC cat=1 n0=2 dfr=sl (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
ledapkc13sl LEDAcrypt-PKC cat=1 n0=3 dfr=sl (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
ledapkc14sl LEDAcrypt-PKC cat=1 n0=4 dfr=sl (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
ledapkc32sl LEDAcrypt-PKC cat=3 n0=2 dfr=sl (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
ledapkc33sl LEDAcrypt-PKC cat=3 n0=3 dfr=sl (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
ledapkc34sl LEDAcrypt-PKC cat=3 n0=4 dfr=sl (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
ledapkc52sl LEDAcrypt-PKC cat=5 n0=2 dfr=sl (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
ledapkc53sl LEDAcrypt-PKC cat=5 n0=3 dfr=sl (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
ledapkc54sl LEDAcrypt-PKC cat=5 n0=4 dfr=sl (2020.03 version) Marco Baldi m.baldi@univpm.it
Alessandro Barenghi alessandro.barenghi@polimi.it
Franco Chiaraluce f.chiaraluce@univpm.it
Gerardo Pelosi gerardo.pelosi@polimi.it
Paolo Santini p.santini@pm.univpm.it
lotus128
lotus192
lotus256
mceliece A variant of McEliece's code-based cryptosystem Bhaskar Biswas (INRIA Rocquencourt)
Nicolas Sendrier (INRIA Rocquencourt)
mcnie3q1281
mcnie3q1282
mcnie3q1921
mcnie3q1922
mcnie3q2561
mcnie3q2562
mcnie4q1281
mcnie4q1282
mcnie4q1921
mcnie4q1922
mcnie4q2561
mcnie4q2562
ntruees1087ep1 CCA-2 secure product-form NTRU public-key encryption with 256-bit equivalent security. Relevant parameters: parameter set: NTRU_EES1087EP1, N=1087, q=2048, maximum message length = 178 bytes.
ntruees1499ep1 CCA-2 secure product-form NTRU public-key encryption with 256-bit equivalent security. Relevant parameters: parameter set: NTRU_EES1499EP1, N=1499, q=2048, maximum message length = 247 bytes.
ntruees401ep2 CCA-2 secure product-form NTRU public-key encryption with 112-bit equivalent security. Relevant parameters: N=401, q=2048, maximum message length = 60 bytes. Hybrid encryption with Salsa20 and SHA-1. eBATS package created by Virendra Kumar (Security Innovation)

ntruees439ep1 CCA-2 secure product-form NTRU public-key encryption with 128-bit equivalent security. Relevant parameters: N=439, q=2048, maximum message length = 65 bytes. Hybrid encryption with Salsa20 and SHA-256. eBATS package created by Virendra Kumar (Security Innovation)

ntruees593ep1 CCA-2 secure product-form NTRU public-key encryption with 192-bit equivalent security. Relevant parameters: N=593, q=2048, maximum message length = 86 bytes. Hybrid encryption with Salsa20 and SHA-256. eBATS package created by Virendra Kumar (Security Innovation)

ntruees743ep1 CCA-2 secure product-form NTRU public-key encryption with 256-bit equivalent security. Relevant parameters: N=743, q=2048, maximum message length = 106 bytes. Hybrid encryption with Salsa20 and SHA-256. eBATS package created by Virendra Kumar (Security Innovation)

ntruees787ep1 NTRU encryption with N=787 and q=587 Mark Etzel (NTRU Cryptosystems)
pqrsa15
r5n11pke0d
r5n13pke0d
r5n13pke0smallct
r5n15pke0d
r5nd1pke0d
r5nd1pke5d
r5nd3pke0d
r5nd3pke5d
r5nd5pke0d
r5nd5pke5d
ronald1024 1024-bit RSA encryption with malleability defense Example for eBATS
ronald1536 1536-bit RSA encryption with malleability defense Example for eBATS
ronald2048 2048-bit RSA encryption with malleability defense Example for eBATS
ronald3072 3072-bit RSA encryption with malleability defense Example for eBATS
ronald4096 4096-bit RSA encryption with malleability defense Example for eBATS
rsa2048

Implementations

PrimitiveImplementationAuthors
3hferef Chia-Hsin Owen Chen
Li-Hsiang Kuo
Tien-Ren Chen
Ming-Shing Chen
4hferef Chia-Hsin Owen Chen
Li-Hsiang Kuo
Tien-Ren Chen
Ming-Shing Chen
cargocult2048ref
ledapkc1264portableopt
ledapkc1364portableopt
ledapkc1464portableopt
ledapkc3264portableopt
ledapkc3364portableopt
ledapkc3464portableopt
ledapkc5264portableopt
ledapkc5364portableopt
ledapkc5464portableopt
ledapkc12slportableopt
ledapkc13slportableopt
ledapkc14slportableopt
ledapkc32slportableopt
ledapkc33slportableopt
ledapkc34slportableopt
ledapkc52slportableopt
ledapkc53slportableopt
ledapkc54slportableopt
lotus128avx2
lotus128opt
lotus128ref
lotus192avx2
lotus192opt
lotus192ref
lotus256avx2
lotus256opt
lotus256ref
mcelieceref Bhaskar Biswas, INRIA Rocquencourt
Nicolas Sendrier, INRIA Rocquencourt
mcnie3q1281ref
mcnie3q1282ref
mcnie3q1921ref
mcnie3q1922ref
mcnie3q2561ref
mcnie3q2562ref
mcnie4q1281ref
mcnie4q1282ref
mcnie4q1921ref
mcnie4q1922ref
mcnie4q2561ref
mcnie4q2562ref
ntruees1087ep1ref
ntruees1499ep1ref
ntruees401ep2ref
ntruees439ep1ref
ntruees593ep1ref
ntruees743ep1ref
ntruees787ep1ref Mark Etzel, NTRU Cryptosystems

pqrsa15ref
r5n11pke0davx2
r5n11pke0dopt
r5n11pke0dref
r5n13pke0davx2
r5n13pke0dopt
r5n13pke0dref
r5n13pke0smallctavx2
r5n13pke0smallctopt
r5n13pke0smallctref
r5n15pke0davx2
r5n15pke0dopt
r5n15pke0dref
r5nd1pke0davx2
r5nd1pke0dopt
r5nd1pke0dref
r5nd1pke5davx2
r5nd1pke5dopt
r5nd1pke5dref
r5nd3pke0davx2
r5nd3pke0dopt
r5nd3pke0dref
r5nd3pke5davx2
r5nd3pke5dopt
r5nd3pke5dref
r5nd5pke0davx2
r5nd5pke0dopt
r5nd5pke0dref
r5nd5pke5davx2
r5nd5pke5dopt
r5nd5pke5dref
ronald1024openssl Daniel J. Bernstein (wrapper around OpenSSL)
ronald1024opensslnew Daniel J. Bernstein (wrapper around OpenSSL)
ronald1536openssl Daniel J. Bernstein (wrapper around OpenSSL)
ronald1536opensslnew Daniel J. Bernstein (wrapper around OpenSSL)
ronald2048openssl Daniel J. Bernstein (wrapper around OpenSSL)
ronald2048opensslnew Daniel J. Bernstein (wrapper around OpenSSL)
ronald3072openssl Daniel J. Bernstein (wrapper around OpenSSL)
ronald3072opensslnew Daniel J. Bernstein (wrapper around OpenSSL)
ronald4096openssl Daniel J. Bernstein (wrapper around OpenSSL)
ronald4096opensslnew Daniel J. Bernstein (wrapper around OpenSSL)
rsa2048ref

Version

This is version 2021.05.07 of the primitives-encrypt.html web page. This web page is in the public domain.