VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Golden Cove (90675-00); 2022 Intel Core i3-12100; 4 x 3300MHz; alder, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
165491733318601
T:
kumjacfp127g
178801880520127
T:
jacfp127i
199602118422845
T:
prjfp127i
205712158323522
T:
hecfp127i
237492482025769
T:
jacfp128bk
250872577227266
T:
hecfp128i
269022837429755
T:
prjfp128bk
274862850130248
T:
hecfp128fkt
275742879030311
T:
hecfp128bk
297183011030457
T:
gls254
310533111131173
T:
gls254prot
335433364633907
T:
curve2251
383053835438417
T:
k277taa
422174228242355
T:
k298
498635036851104
T:
gls1271
521925224052284
T:
kummer
606096068360770
T:
k277mon
637386397264238
T:
kumfp127g
804548071080970
T:
kumfp128g
106969107280108537
T:
curve25519
139025139353139693
T:
ed448goldilocks
164343166149167789
T:
sclaus1024
177010177948179450
T:
nistp256
341552342860343892
T:
surf2113
598483604495611422
T:
ed521gs
768821773756778591
T:
nist521gs
875687881513889513
T:
sclaus2048
922523923098923762
T:
claus
Cycles to compute a shared secret
25%50%75%system
290032904729091
T:
gls254
309163095531003
T:
gls254prot
381653821238252
T:
k277taa
420764212642181
T:
k298
521515221960486
T:
kummer
605216059060654
T:
k277mon
654966562065745
T:
kumfp127g
663866649566627
T:
jacfp128bk
666216679066868
T:
kumjacfp127g
759507619976412
T:
prjfp128bk
778837803278215
T:
hecfp128bk
802758040780807
T:
hecfp128fkt
853308567885987
T:
kumfp128g
100946101044101241
T:
jacfp127i
106039106907107413
T:
curve25519
120631120851121038
T:
hecfp127i
119447121257122611
T:
prjfp127i
122986123573127224
T:
gls1271
133336133663134166
T:
curve2251
167165167354167534
T:
hecfp128i
167815168207169068
T:
sclaus1024
334383337757338558
T:
surf2113
408565409094409718
T:
ed448goldilocks
436922437715439409
T:
nistp256
596499602248608577
T:
ed521gs
768533773586778508
T:
nist521gs
873477878569881042
T:
sclaus2048
920630921307921977
T:
claus