VAMPIRE	eBACS: ECRYPT Benchmarking of Cryptographic Systems	ECRYPT II

General information:	Introduction	eBASH	eBASC	eBAEAD	eBATS	SUPERCOP	XBX	Computers	Arch

How to submit new software:	Tips	hash	stream	aead	dh	kem	encrypt	sign

List of primitives measured:	lwc	sha3	hash	stream	lwc	caesar	aead	dh	kem	encrypt	sign

Measurements:	lwc	sha3	hash	stream	lwc	caesar	aead	dh	kem	encrypt	sign

List of subroutines:	verify	decode	encode	sort	core	hashblocks	xof	scalarmult

List of public-key cryptosystems measured

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page focuses on public-key encryption; it lists the public-key cryptosystems covered by SUPERCOP. The page then lists implementations of these systems.

There is a separate page that lists machines and, for each machine, the measurements of these systems.

Designers and implementors interested in submitting new public-key cryptosystems and new implementations of existing cryptosystems should read the call for submissions.

Which public-key cryptosystems are measured?

Primitive	Description	Designers
`3hfe`	3-variable multivariate hidden field equations with a prefix	Jintai Ding Bo-Yin Yang
`4hfe`	4-variable multivariate hidden field equations with a prefix	Jintai Ding Bo-Yin Yang
`cargocult2048`	Based on rsa2048 but sends along a random 12-byte nonce for AES-256-GCM instead of using nonce 0.
`ledapkc1264`	LEDAcrypt-PKC cat=1 n0=2 dfr=64 (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`ledapkc1364`	LEDAcrypt-PKC cat=1 n0=3 dfr=64 (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`ledapkc1464`	LEDAcrypt-PKC cat=1 n0=4 dfr=64 (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`ledapkc3264`	LEDAcrypt-PKC cat=3 n0=2 dfr=64 (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`ledapkc3364`	LEDAcrypt-PKC cat=3 n0=3 dfr=64 (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`ledapkc3464`	LEDAcrypt-PKC cat=3 n0=4 dfr=64 (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`ledapkc5264`	LEDAcrypt-PKC cat=5 n0=2 dfr=64 (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`ledapkc5364`	LEDAcrypt-PKC cat=5 n0=3 dfr=64 (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`ledapkc5464`	LEDAcrypt-PKC cat=5 n0=4 dfr=64 (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`ledapkc12sl`	LEDAcrypt-PKC cat=1 n0=2 dfr=sl (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`ledapkc13sl`	LEDAcrypt-PKC cat=1 n0=3 dfr=sl (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`ledapkc14sl`	LEDAcrypt-PKC cat=1 n0=4 dfr=sl (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`ledapkc32sl`	LEDAcrypt-PKC cat=3 n0=2 dfr=sl (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`ledapkc33sl`	LEDAcrypt-PKC cat=3 n0=3 dfr=sl (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`ledapkc34sl`	LEDAcrypt-PKC cat=3 n0=4 dfr=sl (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`ledapkc52sl`	LEDAcrypt-PKC cat=5 n0=2 dfr=sl (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`ledapkc53sl`	LEDAcrypt-PKC cat=5 n0=3 dfr=sl (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`ledapkc54sl`	LEDAcrypt-PKC cat=5 n0=4 dfr=sl (2020.03 version)	Marco Baldi m.baldi@univpm.it Alessandro Barenghi alessandro.barenghi@polimi.it Franco Chiaraluce f.chiaraluce@univpm.it Gerardo Pelosi gerardo.pelosi@polimi.it Paolo Santini p.santini@pm.univpm.it
`lotus128`
`lotus192`
`lotus256`
`mceliece`	A variant of McEliece's code-based cryptosystem	Bhaskar Biswas (INRIA Rocquencourt) Nicolas Sendrier (INRIA Rocquencourt)
`mcnie3q1281`
`mcnie3q1282`
`mcnie3q1921`
`mcnie3q1922`
`mcnie3q2561`
`mcnie3q2562`
`mcnie4q1281`
`mcnie4q1282`
`mcnie4q1921`
`mcnie4q1922`
`mcnie4q2561`
`mcnie4q2562`
`ntruees1087ep1`	CCA-2 secure product-form NTRU public-key encryption with 256-bit equivalent security. Relevant parameters: parameter set: NTRU_EES1087EP1, N=1087, q=2048, maximum message length = 178 bytes.
`ntruees1499ep1`	CCA-2 secure product-form NTRU public-key encryption with 256-bit equivalent security. Relevant parameters: parameter set: NTRU_EES1499EP1, N=1499, q=2048, maximum message length = 247 bytes.
`ntruees401ep2`	CCA-2 secure product-form NTRU public-key encryption with 112-bit equivalent security. Relevant parameters: N=401, q=2048, maximum message length = 60 bytes. Hybrid encryption with Salsa20 and SHA-1.	eBATS package created by Virendra Kumar (Security Innovation)
`ntruees439ep1`	CCA-2 secure product-form NTRU public-key encryption with 128-bit equivalent security. Relevant parameters: N=439, q=2048, maximum message length = 65 bytes. Hybrid encryption with Salsa20 and SHA-256.	eBATS package created by Virendra Kumar (Security Innovation)
`ntruees593ep1`	CCA-2 secure product-form NTRU public-key encryption with 192-bit equivalent security. Relevant parameters: N=593, q=2048, maximum message length = 86 bytes. Hybrid encryption with Salsa20 and SHA-256.	eBATS package created by Virendra Kumar (Security Innovation)
`ntruees743ep1`	CCA-2 secure product-form NTRU public-key encryption with 256-bit equivalent security. Relevant parameters: N=743, q=2048, maximum message length = 106 bytes. Hybrid encryption with Salsa20 and SHA-256.	eBATS package created by Virendra Kumar (Security Innovation)
`ntruees787ep1`	NTRU encryption with N=787 and q=587	Mark Etzel (NTRU Cryptosystems)
`pqrsa15`
`r5n11pke0d`
`r5n13pke0d`
`r5n13pke0smallct`
`r5n15pke0d`
`r5nd1pke0d`
`r5nd1pke5d`
`r5nd3pke0d`
`r5nd3pke5d`
`r5nd5pke0d`
`r5nd5pke5d`
`ronald1024`	1024-bit RSA encryption with malleability defense	Example for eBATS
`ronald1536`	1536-bit RSA encryption with malleability defense	Example for eBATS
`ronald2048`	2048-bit RSA encryption with malleability defense	Example for eBATS
`ronald3072`	3072-bit RSA encryption with malleability defense	Example for eBATS
`ronald4096`	4096-bit RSA encryption with malleability defense	Example for eBATS
`rsa2048`

Implementations

Primitive	Implementation	Authors
`3hfe`	`ref`	Chia-Hsin Owen Chen Li-Hsiang Kuo Tien-Ren Chen Ming-Shing Chen
`4hfe`	`ref`	Chia-Hsin Owen Chen Li-Hsiang Kuo Tien-Ren Chen Ming-Shing Chen
`cargocult2048`	`ref`
`ledapkc1264`	`portableopt`
`ledapkc1364`	`portableopt`
`ledapkc1464`	`portableopt`
`ledapkc3264`	`portableopt`
`ledapkc3364`	`portableopt`
`ledapkc3464`	`portableopt`
`ledapkc5264`	`portableopt`
`ledapkc5364`	`portableopt`
`ledapkc5464`	`portableopt`
`ledapkc12sl`	`portableopt`
`ledapkc13sl`	`portableopt`
`ledapkc14sl`	`portableopt`
`ledapkc32sl`	`portableopt`
`ledapkc33sl`	`portableopt`
`ledapkc34sl`	`portableopt`
`ledapkc52sl`	`portableopt`
`ledapkc53sl`	`portableopt`
`ledapkc54sl`	`portableopt`
`lotus128`	`avx2`
`lotus128`	`opt`
`lotus128`	`ref`
`lotus192`	`avx2`
`lotus192`	`opt`
`lotus192`	`ref`
`lotus256`	`avx2`
`lotus256`	`opt`
`lotus256`	`ref`
`mceliece`	`ref`	Bhaskar Biswas, INRIA Rocquencourt Nicolas Sendrier, INRIA Rocquencourt
`mcnie3q1281`	`ref`
`mcnie3q1282`	`ref`
`mcnie3q1921`	`ref`
`mcnie3q1922`	`ref`
`mcnie3q2561`	`ref`
`mcnie3q2562`	`ref`
`mcnie4q1281`	`ref`
`mcnie4q1282`	`ref`
`mcnie4q1921`	`ref`
`mcnie4q1922`	`ref`
`mcnie4q2561`	`ref`
`mcnie4q2562`	`ref`
`ntruees1087ep1`	`ref`
`ntruees1499ep1`	`ref`
`ntruees401ep2`	`ref`
`ntruees439ep1`	`ref`
`ntruees593ep1`	`ref`
`ntruees743ep1`	`ref`
`ntruees787ep1`	`ref`	Mark Etzel, NTRU Cryptosystems
`pqrsa15`	`ref`
`r5n11pke0d`	`avx2`
`r5n11pke0d`	`opt`
`r5n11pke0d`	`ref`
`r5n13pke0d`	`avx2`
`r5n13pke0d`	`opt`
`r5n13pke0d`	`ref`
`r5n13pke0smallct`	`avx2`
`r5n13pke0smallct`	`opt`
`r5n13pke0smallct`	`ref`
`r5n15pke0d`	`avx2`
`r5n15pke0d`	`opt`
`r5n15pke0d`	`ref`
`r5nd1pke0d`	`avx2`
`r5nd1pke0d`	`opt`
`r5nd1pke0d`	`ref`
`r5nd1pke5d`	`avx2`
`r5nd1pke5d`	`opt`
`r5nd1pke5d`	`ref`
`r5nd3pke0d`	`avx2`
`r5nd3pke0d`	`opt`
`r5nd3pke0d`	`ref`
`r5nd3pke5d`	`avx2`
`r5nd3pke5d`	`opt`
`r5nd3pke5d`	`ref`
`r5nd5pke0d`	`avx2`
`r5nd5pke0d`	`opt`
`r5nd5pke0d`	`ref`
`r5nd5pke5d`	`avx2`
`r5nd5pke5d`	`opt`
`r5nd5pke5d`	`ref`
`ronald1024`	`openssl`	Daniel J. Bernstein (wrapper around OpenSSL)
`ronald1024`	`opensslnew`	Daniel J. Bernstein (wrapper around OpenSSL)
`ronald1536`	`openssl`	Daniel J. Bernstein (wrapper around OpenSSL)
`ronald1536`	`opensslnew`	Daniel J. Bernstein (wrapper around OpenSSL)
`ronald2048`	`openssl`	Daniel J. Bernstein (wrapper around OpenSSL)
`ronald2048`	`opensslnew`	Daniel J. Bernstein (wrapper around OpenSSL)
`ronald3072`	`openssl`	Daniel J. Bernstein (wrapper around OpenSSL)
`ronald3072`	`opensslnew`	Daniel J. Bernstein (wrapper around OpenSSL)
`ronald4096`	`openssl`	Daniel J. Bernstein (wrapper around OpenSSL)
`ronald4096`	`opensslnew`	Daniel J. Bernstein (wrapper around OpenSSL)
`rsa2048`	`ref`

Version

This is version 2025.10.15 of the primitives-encrypt.html web page. This web page is in the public domain.

eBACS: ECRYPT Benchmarking of Cryptographic Systems

List of public-key cryptosystems measured

Which public-key cryptosystems are measured?

Implementations

Version