Measurements of public-key Diffie–Hellman secret-sharing systems
[Page version: 20240724 17:32:10]
eBATS
(ECRYPT Benchmarking
of Asymmetric Systems)
is a project
to measure the performance of public-key systems.
This page presents benchmark results collected in eBATS
for public-key Diffie–Hellman secret-sharing systems:
- Time (cycles) to generate a key pair:
a secret key and a corresponding public key.
- Time to compute a shared secret,
given one user's secret key and another user's public key.
- Space (bytes) for a secret key.
- Space for a public key.
- Space for a shared secret.
Each table row lists
the first quartile of many speed measurements,
the median of many speed measurements,
the third quartile of many speed measurements, and
the name of the primitive.
Measurements with large variance are indicated in red with question marks.
The symbol
T:
(starting with supercop-20200816)
means that the SUPERCOP database
at the time of benchmarking did not list constant time
as a goal for this implementation.
The symbol
T!!!
means that constant time was listed as a goal for this implementation,
but that the implementation failed TIMECOP.
(TIMECOP failures are not necessarily security issues;
they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)
There is a
separate page
with more information about each Diffie–Hellman system and each implementation.
Designers and implementors
interested in submitting new Diffie–Hellman systems
and new implementations of existing systems
should read the call for submissions.
Sizes across machines
| Secret key |
|---|
| bytes | system |
|---|
| 20 | sclaus1024 |
| 28 | sclaus2048 |
| 28 | surf2113 |
| 32 | curve2251 |
| 32 | curve25519 |
| 32 | ecfp256e |
| 32 | ecfp256h |
| 32 | ecfp256i |
| 32 | ecfp256q |
| 32 | ecfp256s |
| 32 | gls1271 |
| 32 | gls254 |
| 32 | gls254prot |
| 32 | hecfp127i |
| 32 | hecfp128bk |
| 32 | hecfp128fkt |
| 32 | hecfp128i |
| 32 | jacfp127i |
| 32 | jacfp128bk |
| 32 | k298 |
| 32 | kumfp127g |
| 32 | kumfp128g |
| 32 | kumjacfp127g |
| 32 | kummer |
| 32 | nistp256 |
| 32 | prjfp127i |
| 32 | prjfp128bk |
| 32 | surf127eps |
| 48 | k277mon |
| 48 | k277taa |
| 104 | nist521gs |
| 130 | ed521gs |
| 144 | ed448goldilocks |
| 256 | claus |
|
| Public key |
|---|
| bytes | system |
|---|
| 32 | curve2251 |
| 32 | curve25519 |
| 32 | gls1271 |
| 48 | kumfp127g |
| 48 | kumfp128g |
| 48 | kumjacfp127g |
| 48 | kummer |
| 48 | surf127eps |
| 48 | surf2113 |
| 56 | ed448goldilocks |
| 64 | ecfp256e |
| 64 | ecfp256h |
| 64 | ecfp256q |
| 64 | ecfp256s |
| 64 | gls254 |
| 64 | gls254prot |
| 64 | hecfp127i |
| 64 | hecfp128bk |
| 64 | hecfp128fkt |
| 64 | hecfp128i |
| 64 | jacfp127i |
| 64 | jacfp128bk |
| 64 | nistp256 |
| 64 | prjfp127i |
| 64 | prjfp128bk |
| 80 | k277mon |
| 80 | k277taa |
| 96 | ecfp256i |
| 96 | k298 |
| 128 | claus |
| 128 | sclaus1024 |
| 144 | ed521gs |
| 144 | nist521gs |
| 256 | sclaus2048 |
|
| Shared secret |
|---|
| bytes | system |
|---|
| 32 | curve2251 |
| 32 | curve25519 |
| 32 | ecfp256e |
| 32 | ecfp256h |
| 32 | ecfp256i |
| 32 | ecfp256q |
| 32 | ecfp256s |
| 32 | gls1271 |
| 32 | gls254prot |
| 32..32..64 | gls254 |
| 40 | k277mon |
| 40 | k277taa |
| 48 | k298 |
| 48 | kumfp127g |
| 48 | kumfp128g |
| 48 | kumjacfp127g |
| 48 | kummer |
| 48 | surf127eps |
| 48 | surf2113 |
| 64 | ed448goldilocks |
| 64 | hecfp127i |
| 64 | hecfp128bk |
| 64 | hecfp128fkt |
| 64 | hecfp128i |
| 64 | jacfp127i |
| 64 | jacfp128bk |
| 64 | nistp256 |
| 64 | prjfp127i |
| 64 | prjfp128bk |
| 72 | ed521gs |
| 72 | nist521gs |
| 128 | claus |
| 128 | sclaus1024 |
| 256 | sclaus2048 |
|
amd64; Zen 4 (a60f12); 2023 AMD Ryzen 7 7700; 8 x 3800MHz; hertz, supercop-20240716
Measurements Implementation notesamd64; Raptor Cove (b06a2); 2023 Intel Core i7-13700H, P cores; 6 x 4800MHz; raptor, supercop-20231107
Measurements Implementation notesamd64; Golden Cove (906a4-40); 2022 Intel Core i3-1215U, P cores; 2 x 1600MHz; alder2,1f626960,5600000, supercop-20240625
Measurements Implementation notesamd64; Gracemont (906a4-20); 2022 Intel Core i3-1215U, E cores; 4 x 1600MHz; alder2,1f626960,3300000, supercop-20240625
Measurements Implementation notesamd64; Golden Cove (90675-00); 2022 Intel Core i3-12100; 4 x 3300MHz; alder, supercop-20240716
Measurements Implementation notesamd64; Zen 2 (860f01); 2022 AMD Ryzen 5 4500U; 6 x 3600MHz; renoir, supercop-20240716
Measurements Implementation notesamd64; Zen 3 (a50f00); 2021 AMD Ryzen 5 PRO 5650G; 6 x 3900MHz; cezanne, supercop-20240716
Measurements Implementation notesamd64; Zen 3 (a50f00); 2021 AMD Ryzen 5 5560U; 6 x 4062MHz; beelink, supercop-20221122
Measurements Implementation notesamd64; Zen 2 (860f81); 2021 AMD Ryzen 3 5300U; 4 x 2600MHz; lucienne, supercop-20240716
Measurements Implementation notesamd64; Tremont (906c0); 2021 Intel Pentium Silver N6000; 4 x 1100MHz; jasper, supercop-20240625
Measurements Implementation notesamd64; Tremont (906c0); 2021 Intel Celeron N5105; 4 x 2000MHz; jasper3, supercop-20240625
Measurements Implementation notesamd64; Tremont (906c0); 2021 Intel Celeron N4500; 2 x 1100MHz; jasper2, supercop-20240625
Measurements Implementation notesamd64; Zen 3 (a20f10); 2020 AMD Ryzen 5 5600X; 6 x 3700MHz; unstable; spawn, supercop-20231215
Measurements Implementation notesamd64; Zen (820f01); 2020 AMD Athlon Silver 3050e; 2 x 1400MHz; dali, supercop-20240625
Measurements Implementation notesamd64; Tiger Lake (806c1); 2020 Intel Core i7-1165G7; 4 x 2800MHz; panther, supercop-20240716
Measurements Implementation notesaarch64; Cortex-A72 (410fd083); 2019 Broadcom BCM2711; 4 x 1500MHz; pi4b, supercop-20240425
Measurements Implementation notesamd64; Zen 2 (830f10); 2019 AMD EPYC 7742; 64 x 2250MHz; rome0, supercop-20240716
Measurements Implementation notesamd64; Comet Lake (806ec); 2019 Intel Core i3-10110U; 2 x 2100MHz; comet, supercop-20240625
Measurements Implementation notesamd64; Comet Lake (806ec); 2019 Intel Core i3-10110U; 2 x 2100MHz; cubi10, supercop-20240625
Measurements Implementation notesamd64; Ice Lake (706e5); 2019 Intel Core i3-1035G1; 4 x 1000MHz; icelake2, supercop-20221005
Measurements Implementation notesamd64; Goldmont Plus (706a8); 2019 Intel Celeron N4020; 2 x 1100MHz; gemini, supercop-20240425
Measurements Implementation notesaarch64; Skylark (503f0002); 2018 Ampere eMAG 8180; 32 x 3300MHz; unstable; gcc185, supercop-20240107
Measurements Implementation notesaarch64; Cortex-A53 (410fd034); 2018 Broadcom BCM2837B0; 4 x 1400MHz; pi3aplus, supercop-20240425
Measurements Implementation notesaarch64; Cortex-A53 (410fd034); 2018 Broadcom BCM2837B0; 4 x 1400MHz; pi3bplus, supercop-20231107
Measurements Implementation notesamd64; Coffee Lake (906ea); 2018 Intel Xeon E-2124; 4 x 3300MHz; r24000, supercop-20240107
Measurements Implementation notesriscv64; U54 (sifive,u54-mc); 2017 SiFive Freedom U540; 4 x 1000MHz; riscvunleashed000, supercop-20240107
Measurements Implementation notesamd64; Zen (800f11); 2017 AMD Ryzen 7 1700; 8 x 3000MHz; rumba7, supercop-20240716
Measurements Implementation notesamd64; Zen (800f11); 2017 AMD Ryzen 5 1600; 6 x 3200MHz; rumba5, supercop-20240716
Measurements Implementation notesamd64; Zen (800f11); 2017 AMD Ryzen 3 1200; 4 x 3100MHz; rumba3, supercop-20221122
Measurements Implementation notesamd64; Kaby Lake (906e9); 2017 Intel Xeon E3-1220 v6; 4 x 3000MHz; kizomba, supercop-20240716
Measurements Implementation notesamd64; Kaby Lake (806e9); 2017 Intel Core i3-7100; 2 x 2400MHz; whosthere, supercop-20221122
Measurements Implementation notesarmeabi; Cortex-A7 (410fc075); 2016 Broadcom BCM2836; 4 x 900MHz; berry2, supercop-20240425
Measurements Implementation notesamd64; Goldmont (506c9); 2016 Intel Celeron J3455; 4 x 1500MHz; wooden, supercop-20240425
Measurements Implementation notesamd64; Broadwell+AES (406f1); 2016 Intel Xeon E5-2609 v4; 8 x 1700MHz; bolero, supercop-20240716
Measurements Implementation notesamd64; Silvermont (406c4); 2016 Intel Atom x5-Z8350; 4 x 1440MHz; cherry, supercop-20240625
Measurements Implementation notesamd64; Skylake (506e3); 2015 Intel Xeon E3-1220 v5; 4 x 3000MHz; samba, supercop-20240716
Measurements Implementation notesamd64; Airmont (406c3); 2015 Intel Pentium N3700; 4 x 1600MHz; nucnuc, supercop-20240425
Measurements Implementation notesamd64; Broadwell+AES (306d4); 2015 Intel Core i3-5005U; 2 x 1900MHz; shoe, supercop-20240625
Measurements Implementation notesarmeabi; Cortex-A17 (410fc0d1); 2014 Rockchip RK3288; 4 x 1800MHz; tinker, supercop-20240107
Measurements Implementation notesamd64; Haswell+AES (306c3); 2013 Intel Xeon E3-1275 V3; 4 x 3500MHz; titan0, supercop-20240716
Measurements Implementation notesamd64; Haswell+AES (306c3); 2013 Intel Xeon E3-1220 v3; 4 x 3100MHz; hiphop, supercop-20231107
Measurements Implementation notesamd64; Haswell+AES (306c3); 2013 Intel Core i7-4770; 4 x 3400MHz; speed2supercop, supercop-20240625
Measurements Implementation notesarmeabi; Cortex-A8 (413fc082); 2012 TI Sitara XAM3359AZCZ100; 1 x 1000MHz; bblack, supercop-20240425
Measurements Implementation notesamd64; Bulldozer (600f20); 2012 AMD FX-8350; 4 x 4000MHz; saber214, supercop-20240625
Measurements Implementation notesamd64; Ivy Bridge+AES (306a9); 2012 Intel Xeon E3-1275 V2; 4 x 3500MHz; hydra8, supercop-20240716
Measurements Implementation notesamd64; Ivy Bridge+AES (306a9); 2012 Intel Core i5-3427U; 2 x 1800MHz; hunsnivy, supercop-20240625
Measurements Implementation notesarmeabi; Cortex-A9+NEON (412fc09a); 2011 Freescale i.MX6 Quad; 4 x 1200MHz; unstable; novena, supercop-20220506
Measurements Implementation notesarmeabi; ARM1176 (410fb767); 2011 Broadcom BCM2835; 1 x 1000MHz; berry0, supercop-20240107
Measurements Implementation notesmipso32; Octeon II (cnmips64v2); 2011 Cavium Octeon II CN6120; 2 x 2000MHz; gcc23, supercop-20230530
Measurements Implementation notesamd64; Bobcat (500f10); 2011 AMD G-T56N; 2 x 1650MHz; h8bobcat, supercop-20240425
Measurements Implementation notesamd64; K10 32nm (300f10); 2011 AMD A8-3850; 4 x 2900MHz; hydra5, supercop-20240625
Measurements Implementation notesamd64; K10 32nm (300f10); 2011 AMD A6-3650; 4 x 2600MHz; hydra4, supercop-20240625
Measurements Implementation notesamd64; Bonnell (30661); 2011 Intel Atom D2500; 2 x 1866MHz; h8atom, supercop-20240425
Measurements Implementation notesamd64; Sandy Bridge+AES (206a7); 2011 Intel Xeon E3-1225; 4 x 3100MHz; hydra7, supercop-20240625
Measurements Implementation notesamd64; Sandy Bridge (206a7); 2011 Intel Core i3-2310M; 2 x 2100MHz; h6sandy, supercop-20240625
Measurements Implementation notesamd64; K10 45nm (100f63); 2010 AMD Athlon II Neo K125; 1 x 1700MHz; h3neo, supercop-20240425
Measurements Implementation notesamd64; Bonnell (106ca); 2010 Intel Atom N455; 1 x 1000MHz; h2atom, supercop-20240107
Measurements Implementation notesamd64; Core 2 45nm (1067a); 2009 Intel Core 2 Duo E7600; 2 x 3060MHz; wolfdale, supercop-20240625
Measurements Implementation notesamd64; Core 2 45nm (10676); 2007 Intel Xeon X5450; 8 x 2992MHz; unstable; gcc14, supercop-20220506
Measurements Implementation notesamd64; Core 2 65nm (6fb); 2007 Intel Core 2 Quad Q6600; 4 x 2404MHz; margaux, supercop-20240625
Measurements Implementation notesamd64; Core 2 65nm (6fb); 2007 Intel Core 2 Duo T7300; 2 x 2000MHz; trident, supercop-20240425
Measurements Implementation notes |
