Measurements of public-key Diffie–Hellman secret-sharing systems
[Page version: 20250510 09:50:10]
eBATS
(ECRYPT Benchmarking
of Asymmetric Systems)
is a project
to measure the performance of public-key systems.
This page presents benchmark results collected in eBATS
for public-key Diffie–Hellman secret-sharing systems:
- Time (cycles) to generate a key pair:
a secret key and a corresponding public key.
- Time to compute a shared secret,
given one user's secret key and another user's public key.
- Space (bytes) for a secret key.
- Space for a public key.
- Space for a shared secret.
Each table row lists
the first quartile of many speed measurements,
the median of many speed measurements,
the third quartile of many speed measurements, and
the name of the primitive.
Measurements with large variance are indicated in red with question marks.
The symbol
T:
(starting with supercop-20200816)
means that the SUPERCOP database
at the time of benchmarking did not list constant time
as a goal for this implementation.
The symbol
T!!!
means that constant time was listed as a goal for this implementation,
but that the implementation failed TIMECOP.
(TIMECOP failures are not necessarily security issues;
they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)
There is a
separate page
with more information about each Diffie–Hellman system and each implementation.
Designers and implementors
interested in submitting new Diffie–Hellman systems
and new implementations of existing systems
should read the call for submissions.
Sizes across machines
| Secret key |
|---|
| bytes | system |
|---|
| 20 | sclaus1024 |
| 28 | sclaus2048 |
| 28 | surf2113 |
| 29 | hector |
| 32 | curve2251 |
| 32 | curve25519 |
| 32 | ecfp256e |
| 32 | ecfp256h |
| 32 | ecfp256i |
| 32 | ecfp256q |
| 32 | ecfp256s |
| 32 | gls1271 |
| 32 | gls254 |
| 32 | gls254prot |
| 32 | hecfp127i |
| 32 | hecfp128bk |
| 32 | hecfp128fkt |
| 32 | hecfp128i |
| 32 | jacfp127i |
| 32 | jacfp128bk |
| 32 | k298 |
| 32 | kumfp127g |
| 32 | kumfp128g |
| 32 | kumjacfp127g |
| 32 | kummer |
| 32 | nistp256 |
| 32 | prjfp127i |
| 32 | prjfp128bk |
| 32 | surf127eps |
| 48 | k277mon |
| 48 | k277taa |
| 104 | nist521gs |
| 130 | ed521gs |
| 144 | ed448goldilocks |
| 256 | claus |
|
| Public key |
|---|
| bytes | system |
|---|
| 32 | curve2251 |
| 32 | curve25519 |
| 32 | gls1271 |
| 48 | kumfp127g |
| 48 | kumfp128g |
| 48 | kumjacfp127g |
| 48 | kummer |
| 48 | surf127eps |
| 48 | surf2113 |
| 56 | ed448goldilocks |
| 60 | hector |
| 64 | ecfp256e |
| 64 | ecfp256h |
| 64 | ecfp256q |
| 64 | ecfp256s |
| 64 | gls254 |
| 64 | gls254prot |
| 64 | hecfp127i |
| 64 | hecfp128bk |
| 64 | hecfp128fkt |
| 64 | hecfp128i |
| 64 | jacfp127i |
| 64 | jacfp128bk |
| 64 | nistp256 |
| 64 | prjfp127i |
| 64 | prjfp128bk |
| 80 | k277mon |
| 80 | k277taa |
| 96 | ecfp256i |
| 96 | k298 |
| 128 | claus |
| 128 | sclaus1024 |
| 144 | ed521gs |
| 144 | nist521gs |
| 256 | sclaus2048 |
|
| Shared secret |
|---|
| bytes | system |
|---|
| 32 | curve2251 |
| 32 | curve25519 |
| 32 | ecfp256e |
| 32 | ecfp256h |
| 32 | ecfp256i |
| 32 | ecfp256q |
| 32 | ecfp256s |
| 32 | gls1271 |
| 32 | gls254prot |
| 32..32..64 | gls254 |
| 40 | k277mon |
| 40 | k277taa |
| 48 | k298 |
| 48 | kumfp127g |
| 48 | kumfp128g |
| 48 | kumjacfp127g |
| 48 | kummer |
| 48 | surf127eps |
| 48 | surf2113 |
| 60 | hector |
| 64 | ed448goldilocks |
| 64 | hecfp127i |
| 64 | hecfp128bk |
| 64 | hecfp128fkt |
| 64 | hecfp128i |
| 64 | jacfp127i |
| 64 | jacfp128bk |
| 64 | nistp256 |
| 64 | prjfp127i |
| 64 | prjfp128bk |
| 72 | ed521gs |
| 72 | nist521gs |
| 128 | claus |
| 128 | sclaus1024 |
| 256 | sclaus2048 |
|
amd64; Zen 4 (a60f12); 2023 AMD Ryzen 7 7700; 8 x 3800MHz; hertz, supercop-20250415
Measurements Test resultsamd64; Raptor Cove (b06a2); 2023 Intel Core i7-13700H, P cores; 6 x 4800MHz; raptor, supercop-20231107
Measurements Test resultsamd64; Golden Cove (906a4-40); 2022 Intel Core i3-1215U, P cores; 2 x 1600MHz; alder2,1f626960,5600000, supercop-20250415
Measurements Test resultsamd64; Gracemont (906a4-20); 2022 Intel Core i3-1215U, E cores; 4 x 1600MHz; alder2,1f626960,3300000, supercop-20250415
Measurements Test resultsamd64; Golden Cove (90675-00); 2022 Intel Core i3-12100; 4 x 3300MHz; alder, supercop-20250415
Measurements Test resultsamd64; Zen 2 (860f01); 2022 AMD Ryzen 5 4500U; 6 x 3600MHz; renoir, supercop-20250415
Measurements Test resultsamd64; Zen 3 (a50f00); 2021 AMD Ryzen 5 PRO 5650G; 6 x 3900MHz; cezanne, supercop-20250415
Measurements Test resultsamd64; Zen 3 (a50f00); 2021 AMD Ryzen 5 5560U; 6 x 4062MHz; beelink, supercop-20221122
Measurements Test resultsamd64; Zen 2 (860f81); 2021 AMD Ryzen 3 5300U; 4 x 2600MHz; lucienne, supercop-20250415
Measurements Test resultsamd64; Tremont (906c0); 2021 Intel Pentium Silver N6000; 4 x 1100MHz; jasper, supercop-20250415
Measurements Test resultsamd64; Tremont (906c0); 2021 Intel Celeron N5105; 4 x 2000MHz; jasper3, supercop-20250415
Measurements Test resultsamd64; Tremont (906c0); 2021 Intel Celeron N4500; 2 x 1100MHz; jasper2, supercop-20250415
Measurements Test resultsamd64; Zen 3 (a20f10); 2020 AMD Ryzen 5 5600X; 6 x 3700MHz; unstable; spawn, supercop-20231215
Measurements Test resultsamd64; Zen (820f01); 2020 AMD Athlon Silver 3050e; 2 x 1400MHz; dali, supercop-20250415
Measurements Test resultsamd64; Tiger Lake (806c1); 2020 Intel Core i7-1165G7; 4 x 2800MHz; panther, supercop-20250415
Measurements Test resultsaarch64; Cortex-A72 (410fd083); 2019 Broadcom BCM2711; 4 x 1500MHz; pi4b, supercop-20241022
Measurements Test resultsamd64; Zen 2 (830f10); 2019 AMD EPYC 7742; 64 x 2250MHz; rome0, supercop-20250415
Measurements Test resultsamd64; Comet Lake (806ec); 2019 Intel Core i3-10110U; 2 x 2100MHz; comet, supercop-20241022
Measurements Test resultsamd64; Comet Lake (806ec); 2019 Intel Core i3-10110U; 2 x 2100MHz; cubi10, supercop-20250415
Measurements Test resultsamd64; Comet Lake (806ec); 2019 Intel Core i3-10110U; 2 x 2100MHz; know, supercop-20250415
Measurements Test resultsamd64; Ice Lake (706e5); 2019 Intel Core i3-1035G1; 4 x 1000MHz; icelake2, supercop-20221005
Measurements Test resultsamd64; Goldmont Plus (706a8); 2019 Intel Celeron N4020; 2 x 1100MHz; gemini, supercop-20250307
Measurements Test resultsaarch64; Skylark (503f0002); 2018 Ampere eMAG 8180; 32 x 3300MHz; unstable; gcc185, supercop-20240107
Measurements Test resultsaarch64; Cortex-A53 (410fd034); 2018 Broadcom BCM2837B0; 4 x 1400MHz; pi3aplus, supercop-20250415
Measurements Test resultsaarch64; Cortex-A53 (410fd034); 2018 Broadcom BCM2837B0; 4 x 1400MHz; pi3bplus, supercop-20241022
Measurements Test resultsamd64; Coffee Lake (906ea); 2018 Intel Xeon E-2124; 4 x 3300MHz; r24000, supercop-20250415
Measurements Test resultsamd64; Coffee Lake (806ea); 2018 Intel Core i3-8109U; 2 x 3000MHz; like, supercop-20250415
Measurements Test resultsriscv64; U54 (sifive,u54-mc); 2017 SiFive Freedom U540; 4 x 1000MHz; riscvunleashed000, supercop-20240107
Measurements Test resultsamd64; Zen (800f11); 2017 AMD Ryzen 7 1700; 8 x 3000MHz; rumba7, supercop-20250415
Measurements Test resultsamd64; Zen (800f11); 2017 AMD Ryzen 5 1600; 6 x 3200MHz; rumba5, supercop-20241022
Measurements Test resultsamd64; Zen (800f11); 2017 AMD Ryzen 3 1200; 4 x 3100MHz; rumba3, supercop-20221122
Measurements Test resultsamd64; Kaby Lake (906e9); 2017 Intel Xeon E3-1220 v6; 4 x 3000MHz; kizomba, supercop-20250415
Measurements Test resultsamd64; Kaby Lake (806e9); 2017 Intel Core i3-7100; 2 x 2400MHz; whosthere, supercop-20221122
Measurements Test resultsarmeabi; Cortex-A7 (410fc075); 2016 Broadcom BCM2836; 4 x 900MHz; berry2, supercop-20240909
Measurements Test resultsamd64; Goldmont (506c9); 2016 Intel Celeron J3455; 4 x 1500MHz; wooden, supercop-20241022
Measurements Test resultsamd64; Broadwell+AES (406f1); 2016 Intel Xeon E5-2609 v4; 8 x 1700MHz; bolero, supercop-20250415
Measurements Test resultsamd64; Silvermont (406c4); 2016 Intel Atom x5-Z8350; 4 x 1440MHz; cherry, supercop-20250415
Measurements Test resultsamd64; Skylake (506e3); 2015 Intel Xeon E3-1220 v5; 4 x 3000MHz; samba, supercop-20250415
Measurements Test resultsamd64; Airmont (406c3); 2015 Intel Pentium N3700; 4 x 1600MHz; nucnuc, supercop-20241022
Measurements Test resultsamd64; Broadwell+AES (306d4); 2015 Intel Core i3-5005U; 2 x 1900MHz; shoe, supercop-20250415
Measurements Test resultsarmeabi; Cortex-A17 (410fc0d1); 2014 Rockchip RK3288; 4 x 1800MHz; tinker, supercop-20241022
Measurements Test resultsamd64; Haswell+AES (306c3); 2013 Intel Xeon E3-1275 V3; 4 x 3500MHz; titan0, supercop-20250415
Measurements Test resultsamd64; Haswell+AES (306c3); 2013 Intel Xeon E3-1220 v3; 4 x 3100MHz; hiphop, supercop-20231107
Measurements Test resultsamd64; Haswell+AES (306c3); 2013 Intel Core i7-4770; 4 x 3400MHz; speed2supercop, supercop-20250415
Measurements Test resultsamd64; Haswell+AES (306c3); 2013 Intel Core i7-4765T; 4 x 2000MHz; prodesk, supercop-20241022
Measurements Test resultsarmeabi; Cortex-A8 (413fc082); 2012 TI Sitara XAM3359AZCZ100; 1 x 1000MHz; bblack, supercop-20241022
Measurements Test resultsamd64; Bulldozer (600f20); 2012 AMD FX-8350; 4 x 4000MHz; saber214, supercop-20250415
Measurements Test resultsamd64; Ivy Bridge+AES (306a9); 2012 Intel Xeon E3-1275 V2; 4 x 3500MHz; hydra8, supercop-20250415
Measurements Test resultsamd64; Ivy Bridge+AES (306a9); 2012 Intel Core i5-3427U; 2 x 1800MHz; hunsnivy, supercop-20250415
Measurements Test resultsarmeabi; Cortex-A9+NEON (412fc09a); 2011 Freescale i.MX6 Quad; 4 x 1200MHz; unstable; novena, supercop-20220506
Measurements Test resultsarmeabi; ARM1176 (410fb767); 2011 Broadcom BCM2835; 1 x 1000MHz; berry0, supercop-20240909
Measurements Test resultsmipso32; Octeon II (cnmips64v2); 2011 Cavium Octeon II CN6120; 2 x 2000MHz; gcc23, supercop-20230530
Measurements Test resultsamd64; Bobcat (500f10); 2011 AMD G-T56N; 2 x 1650MHz; h8bobcat, supercop-20241022
Measurements Test resultsamd64; K10 32nm (300f10); 2011 AMD A8-3850; 4 x 2900MHz; hydra5, supercop-20250415
Measurements Test resultsamd64; K10 32nm (300f10); 2011 AMD A6-3650; 4 x 2600MHz; hydra4, supercop-20250415
Measurements Test resultsamd64; Bonnell (30661); 2011 Intel Atom D2500; 2 x 1866MHz; h8atom, supercop-20250415
Measurements Test resultsamd64; Sandy Bridge+AES (206a7); 2011 Intel Xeon E3-1225; 4 x 3100MHz; hydra7, supercop-20250415
Measurements Test resultsamd64; Sandy Bridge (206a7); 2011 Intel Core i3-2310M; 2 x 2100MHz; h6sandy, supercop-20241022
Measurements Test resultsamd64; K10 45nm (100f63); 2010 AMD Athlon II Neo K125; 1 x 1700MHz; h3neo, supercop-20241022
Measurements Test resultsamd64; Bonnell (106ca); 2010 Intel Atom N455; 1 x 1000MHz; h2atom, supercop-20241022
Measurements Test resultsamd64; Core 2 45nm (1067a); 2009 Intel Core 2 Duo E7600; 2 x 3060MHz; wolfdale, supercop-20250415
Measurements Test resultsamd64; Core 2 45nm (10676); 2007 Intel Xeon X5450; 8 x 2992MHz; unstable; gcc14, supercop-20220506
Measurements Test resultsamd64; Core 2 65nm (6fb); 2007 Intel Core 2 Quad Q6600; 4 x 2404MHz; margaux, supercop-20250415
Measurements Test resultsamd64; Core 2 65nm (6fb); 2007 Intel Core 2 Duo T7300; 2 x 2000MHz; trident, supercop-20250307
Measurements Test results |
